Internet-Drafts | 27 May 20:15 2009

I-D Action:draft-ietf-syslog-sign-26.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Security Issues in Network Event Logging Working Group of the IETF.

	Title           : Signed syslog Messages
	Author(s)       : J. Kelsey, et al.
	Filename        : draft-ietf-syslog-sign-26.txt
	Pages           : 45
	Date            : 2009-05-27

This document describes a mechanism to add origin authentication,
message integrity, replay resistance, message sequencing, and
detection of missing messages to the transmitted syslog messages.
This specification is intended to be used in conjunction with the
work defined in [RFC5424], "The syslog Protocol".


Alexander Clemm (alex | 27 May 20:20 2009

Syslog-sign -26


I just submitted version -26, addressing the items below.  E.g.: New
examples have been included.
TBPL was changed to TPBL. Clarification on the "leading zeroes omitted",
where parameters contain decimal values. Clarification on the unix
system time.  

The most important issue concerned the issue of having multiple signers.
After some contemplating, I decided that this can be resolved quite
simply by clarifying that the combination of APP-NAME and PROCID refers
to a unique signer (no, I didn't introduce it as a new term, it's still
originator), and needs to be consistent between Certificate Block and
Signature Block messages.  If multiple originators are used, they each
in effect have their own "scope" - they each have their own Payload
Block and Signature Blocks etc.  

The algorithm in section 7 can stay the same, but I added some
clarification also there about how to identify/distinguish between
different originators, and the fact that consistency between Certificate
Block and Signature Block messages with regards to the originator needs
to be checked.  

--- Alex

-----Original Message-----
From: syslog-bounces <at> [mailto:syslog-bounces <at>] On Behalf
Of Pasi.Eronen <at>
Sent: Monday, April 06, 2009 4:06 AM
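
The originator scoping described in the message above, as an added example that is not part of the original thread or of the draft: it groups Certificate Block and Signature Block messages by (APP-NAME, PROCID) and lists signers that have no Certificate Block in their own scope. The SD-IDs `ssign` and `ssign-cert` are those of the specification as published (RFC 5848); the function names, the assumption that all messages come from one host, and the sample messages are constructed for illustration.

```python
import re
from collections import defaultdict

# RFC 5424 header up to the first SD-ID:
# <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD-ID ...
HEADER = re.compile(
    r"^<\d{1,3}>1 \S+ \S+ (?P<app>\S+) (?P<procid>\S+) \S+ "
    r"\[(?P<sdid>ssign-cert|ssign) "
)

def scope_by_originator(messages):
    """Count Certificate Block (ssign-cert) and Signature Block (ssign)
    messages per originator, taken here as (APP-NAME, PROCID)."""
    scopes = defaultdict(lambda: {"cert": 0, "sig": 0})
    for msg in messages:
        m = HEADER.match(msg)
        if m is None:
            continue  # ordinary syslog message, not a signing block
        kind = "cert" if m["sdid"] == "ssign-cert" else "sig"
        scopes[(m["app"], m["procid"])][kind] += 1
    return dict(scopes)

def signers_without_certificate(scopes):
    """Originators that sent Signature Blocks but no Certificate Block
    under the same APP-NAME and PROCID (the consistency check)."""
    return sorted(o for o, c in scopes.items() if c["sig"] and not c["cert"])

def _block(app, procid, sdid):
    # Constructed message; the SD-PARAMs are abbreviated placeholders.
    return (f"<110>1 2009-05-27T20:15:00Z host.example.org {app} {procid} - "
            f'[{sdid} RSID="1" SIGN="PLACEHOLDER"]')

# Constructed sample traffic: two consistent originators, one Signature
# Block whose PROCID matches no Certificate Block, one ordinary message.
SAMPLE = [
    _block("syslogd", "2138", "ssign-cert"),
    _block("syslogd", "2138", "ssign"),
    _block("syslogd", "2138", "ssign"),
    _block("auditd", "977", "ssign-cert"),
    _block("auditd", "977", "ssign"),
    _block("auditd", "1450", "ssign"),
    "<34>1 2009-05-27T20:15:01Z host.example.org su 201 ID47 - su root failed",
]

if __name__ == "__main__":
    scopes = scope_by_originator(SAMPLE)
    for originator, counts in sorted(scopes.items()):
        print(originator, counts)
    print("no Certificate Block:", signers_without_certificate(scopes))
```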