
Re: auditing




[co-chair hat off]

--- On Tue, 01 Apr 1997 16:37:41 -0800  Derrell Piper <piper@cisco.com> wrote:

> Auditing is obviously a host-system issue and outside of the scope of the
> network protocol or IPSEC architecture document(s).  

I hear your opinion.

This is not what the IPsec WG has concluded in the past.  It is also not
what other IETF WGs have concluded in the past.  The requirement for 
implementing audit support is entirely consistent with past and current
IETF standards-track specifications and practices.

[co-chair hat on; a general comment not specific to Derrell]
There is not a standards process issue with having an IETF specification
require logging or auditing or such like.  The group might decide to
abandon auditing, but it would not be legitimate to claim a standards
process violation as the rationale for doing so.
[co-chair hat off]

> However, there's
> nothing wrong with pointing out where a host should perform auditing, if
> it's capable of doing so.  In this spirit, it would seem more appropriate
> for the specs to read SHOULD instead of MUST.

The current RFCs and drafts require that some form of auditing be implemented.

They do not, however, specify any _particular_ form of auditing.  One form
might be syslog(), another might be SNMP, a third might be appending 
text strings to an ASCII file [the approach Windows95 takes with respect
to PPP connections].  So the current requirement is quite minimal really
and gives implementers LOTS of maneuvering room to pick an implementation
approach that is most sensible for their platforms.

Hilarie is quite right that auditing is really an essential component.
It needs to continue to be a mandatory-to-implement part of the
specifications.

One could argue that it would be useful to have a standards-track SNMP 
IPsec MIB for diagnostic and auditing information.  If anyone wants to
volunteer to write up such a MIB for this WG to consider, please send 
an email to me and Paul Lambert.  I would suggest that things like
the crypto keys be kept outside such an SNMP MIB because it would be
unfortunate if an SNMP security breach caused an IPsec security breach.

Regards,

Ran
rja@inet.org



