
RE: auditing



Bill Sommerfeld [sommerfeld@apollo.hp.com] writes:

	> > 	At a minimum, "auditable" means that an implementation MUST
	> > 	provide a mechanism which securely records the fact that the
	>                                          ^^^^^^^
	> 	Dan Harkins suggests replacing "records" with "reports",
	> 	which would permit network-based reporting to be substituted
	> 	for local storage if appropriate in some implementation.

I would second this suggestion.  I am concerned with the word "securely"
in the above, however.  For example, neither of the popular suggestions
I've heard for auditing (syslog, RADIUS) qualify as being particularly
secure in my mind.  I would be much more comfortable if we either a)
removed or b) more closely defined the word "securely".  Must the audit
messages (if sent on the net) be tamper-proof? Encrypted?

	I don't have a problem with this change to my amendment..

	Note that as worded, a single counter per event (or perhaps a
	(counter,timestamp) pair) could conceivably be considered a minimal,
	but compliant, implementation of "auditing".  I don't think this is an
	extreme burden, but it may be too minimalistic for some..

	>   I have also heard a private suggestion that maybe some of the
	> auditing material might be moved into the "Security Considerations"
	> section.  That wouldn't bother me, though I will observe that verbiage
	> anywhere in the RFC is equally binding on implementations.

	Hmm.  I think that a statement that a given exceptional condition is
	an "auditable event" should be right next to the definition of the
	exceptional condition.  There could be a (redundant) complete list of
	auditable events in an appendix or in the security considerations
	section..

						- Bill