Technical Summary
This document describes a mechanism to add origin authentication,
message integrity, replay resistance, message sequencing, and
detection of missing messages to the transmitted syslog messages.
This specification is intended to be used in conjunction with the
work defined in RFC 5424, "The Syslog Protocol".
Working Group Summary
The consensus of the working group was to publish this as a
standards-track document.
Protocol Quality
It is possible that there are implementations of this document in
various stages of completion at this time. Some equipment vendors
have indicated interest in supporting this document, and some
non-commercial implementations are also expected.
Personnel
The document shepherd is David Harrington, and the responsible
area director is Pasi Eronen.
RFC Editor Note
In Section 5.2.2, item (b), change both instances of "specifying"
to "configuring".
In Sections 9.x, change all occurrences of "IETF Consensus" to
"IETF Review".
Insert a new paragraph in Section 1, just before the last paragraph:
"The process of signing works as long as the collector accepts the
syslog messages, the Certificate Blocks and the Signature Blocks.
Once that is done, the process is complete. After that, anyone can
go back, find the key material, and validate the received messages
using the information in the Signature Blocks. Finding the key
material is very easily done with Key Blob Types C, P, and K (see
Section 5.2.1) since the public key is in the Payload Block. If
Key Blob Types N or U are used, some poking around may be required
to find the key material. The only way to have a vendor-specific
implementation is through N or U; however, also in that case the
key material will have to be available in some form which could be
used by implementations of other vendors."