[syslog-ng] Encrypted messages
todd glassey
todd.glassey@worldnet.att.net
Tue, 9 Oct 2001 08:06:52 -0700
----- Original Message -----
From: "Balazs Scheidler" <bazsi@balabit.hu>
To: <syslog-ng@lists.balabit.hu>
Sent: Tuesday, October 09, 2001 2:39 AM
Subject: Re: [syslog-ng] Encrypted messages
> On Mon, Oct 08, 2001 at 07:30:04PM -0400, Forrest Aldrich wrote:
> > At 12:34 PM 10/8/2001 -0700, Nate Campi wrote:
> >
> > >I think most of us just forward over stunnel with TCP logging and don't
> > >reallly worry about it.
> > [ ... ]
> >
> > Sure, that works. But since it's listed as a "feature-to-be" and with
> > other scenarios where stunnel might be overkill, this feature would be
> > worthwhile to have. I presume it would have some form of digital
> > signature (and verification) capability?
>
> There are two ways:
>
> - use simply SSL/TLS
> - use the new drafted syslog-sign protocol
neither of these address the necessity to prove receipt of the message from
the Server however. They are at best external methods of fortifying the
outside of the communications process, but TCP/IP especially over Ethernet
is an issue from being able to prove anything.
T.
>
> I'd go for both options with syslog-ng, ASAP whatever this means.
Bazsi - I would suggest that there needs to be a receipt manager as an
optional portion of NG. What it would do is compare the signatures from
client's it knows clients to a message prior to marking it as "official".
This would entail some form of "discovery process" as well though, but it
could be done!
>
> --
> Bazsi
> PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C
8EB1
>
> _______________________________________________
> syslog-ng maillist - syslog-ng@lists.balabit.hu
> https://lists.balabit.hu/mailman/listinfo/syslog-ng