200 messages in org.freebsd.freebsd-securityRe: secure logging (was: Re: security...| From | Sent On | Attachments |
|---|---|---|
| 112 earlier messages | ||
| Gary Palmer | Jul 28, 1997 10:27 pm | |
| Gary Palmer | Jul 28, 1997 10:28 pm | |
| Vincent Poy | Jul 28, 1997 10:35 pm | |
| Vincent Poy | Jul 28, 1997 10:37 pm | |
| John-David Childs | Jul 28, 1997 10:38 pm | |
| Gary Palmer | Jul 28, 1997 10:40 pm | |
| Vincent Poy | Jul 28, 1997 10:44 pm | |
| Gary Palmer | Jul 28, 1997 10:50 pm | |
| Vincent Poy | Jul 28, 1997 10:55 pm | |
| Jordan K. Hubbard | Jul 28, 1997 10:59 pm | |
| Vincent Poy | Jul 28, 1997 11:01 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:07 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:11 pm | |
| Jordan K. Hubbard | Jul 28, 1997 11:16 pm | |
| Sergei S. Laskavy | Jul 29, 1997 12:13 am | |
| John-David Childs | Jul 29, 1997 2:09 am | |
| Narvi | Jul 29, 1997 2:48 am | |
| Stephen D. Spencer | Jul 29, 1997 3:43 am | |
| Robert Watson | Jul 29, 1997 5:32 am | |
| Adam Shostack | Jul 29, 1997 5:49 am | |
| Robert Watson | Jul 29, 1997 6:39 am | |
| Nate Williams | Jul 29, 1997 7:19 am | |
| Rodney W. Grimes | Jul 29, 1997 8:58 am | |
| Warner Losh | Jul 29, 1997 9:25 am | |
| Warner Losh | Jul 29, 1997 9:34 am | |
| Christopher Petrilli | Jul 29, 1997 9:52 am | |
| Jim Shankland | Jul 29, 1997 9:57 am | |
| John Dowdal | Jul 29, 1997 10:50 am | |
| Poul-Henning Kamp | Jul 29, 1997 12:05 pm | |
| Bill Pechter | Jul 29, 1997 12:29 pm | |
| Matthew Hunt | Jul 29, 1997 12:37 pm | |
| Christopher Petrilli | Jul 29, 1997 12:43 pm | |
| [Mario1-] | Jul 29, 1997 1:07 pm | |
| Garrett Wollman | Jul 29, 1997 1:07 pm | |
| [Mario1-] | Jul 29, 1997 1:14 pm | |
| sth...@nethelp.no | Jul 29, 1997 1:39 pm | |
| Jordan K. Hubbard | Jul 29, 1997 2:23 pm | |
| Vincent Poy | Jul 29, 1997 2:45 pm | |
| Vincent Poy | Jul 29, 1997 2:57 pm | |
| Vincent Poy | Jul 29, 1997 3:02 pm | |
| sth...@nethelp.no | Jul 29, 1997 3:30 pm | |
| Rocco Lucia | Jul 29, 1997 3:33 pm | |
| Vincent Poy | Jul 29, 1997 3:44 pm | |
| Aaron Bornstein | Jul 29, 1997 3:44 pm | |
| Vincent Poy | Jul 29, 1997 3:54 pm | |
| Vincent Poy | Jul 29, 1997 4:00 pm | |
| Jay D. Nelson | Jul 29, 1997 5:29 pm | |
| Adam Shostack | Jul 29, 1997 6:06 pm | |
| Gary Schrock | Jul 29, 1997 6:10 pm | |
| Adam Shostack | Jul 29, 1997 6:11 pm | |
| Michael Smith | Jul 29, 1997 6:54 pm | |
| Jay D. Nelson | Jul 29, 1997 7:58 pm | |
| Jay D. Nelson | Jul 29, 1997 8:10 pm | |
| Michael Smith | Jul 29, 1997 8:25 pm | |
| Marco Molteni | Jul 30, 1997 5:04 am | |
| James Seng | Jul 30, 1997 5:31 am | |
| Alex G. Bulushev | Jul 30, 1997 5:59 am | |
| Vincent Poy | Jul 30, 1997 6:45 am | |
| Robert Watson | Jul 30, 1997 7:03 am | |
| Nate Williams | Jul 30, 1997 7:48 am | |
| Vincent Poy | Jul 30, 1997 7:54 am | |
| Nate Williams | Jul 30, 1997 8:06 am | |
| Nate Williams | Jul 30, 1997 8:13 am | |
| Vincent Poy | Jul 30, 1997 8:28 am | |
| Vincent Poy | Jul 30, 1997 8:33 am | |
| zoonie | Jul 30, 1997 9:09 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:25 am | |
| Poul-Henning Kamp | Jul 30, 1997 9:31 am | |
| John-David Childs | Jul 30, 1997 10:17 am | |
| Ian Kallen | Jul 30, 1997 10:37 am | |
| Patrick Gilbert | Jul 30, 1997 11:43 am | |
| Jay D. Nelson | Jul 30, 1997 1:52 pm | |
| [Mario1-] | Jul 30, 1997 2:06 pm | |
| Jordan K. Hubbard | Jul 30, 1997 3:53 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:04 pm | |
| yossman | Jul 30, 1997 4:20 pm | |
| Jordan K. Hubbard | Jul 30, 1997 4:24 pm | |
| Peter Korsten | Jul 30, 1997 4:43 pm | |
| Michael Smith | Jul 30, 1997 8:01 pm | |
| Cy Schubert | Jul 30, 1997 9:10 pm | |
| FreeBSD Technical Reader | Jul 30, 1997 11:18 pm | |
| Marco Molteni | Jul 31, 1997 5:24 am | |
| yossman | Jul 31, 1997 9:00 am | |
| Adam Shostack | Jul 31, 1997 9:19 am | |
| Marc Slemko | Jul 31, 1997 11:23 am | |
| Andrew | Aug 1, 1997 10:00 pm | |
| Dmitry Kohmanyuk | Aug 1, 1997 10:32 pm | |
| Philippe Regnauld | Aug 2, 1997 1:46 pm | |
| Subject: | Re: secure logging (was: Re: security hole in FreeBSD) | |
|---|---|---|
| From: | Adam Shostack (ad...@homeport.org) | |
| Date: | Jul 29, 1997 6:11:02 pm | |
| List: | org.freebsd.freebsd-security | |
Robert Watson wrote: | Is there any concensus on the use of DNSsec in the network community, as | it has not yet been made widely available (or at least, it is available, | but not largely used.) The key namespace here could be used however one | desired, nor necessarily in a DNS-style way. The entity-name, whatever | that is, simply suggests which key/algorithm should be used, a server | could be configured to pull that information from DNSsec, or from an | internal key-file (or both.)
I don't trust the DNS right now. I also don't see a need to put keys there for local use. Use ssh to distribute them. :)
| An ACK message has already been stated as desirable -- would a simple | signature over the last packet (or header + signature) using the shared | secret, entity public key, or whatever, back on the TCP connection | suffice? Maybe something lighter-weight?
I'm leaning to acks being simpler than involving the last packet, and towords them involving just a sequence number:
ACK log://somehost.evil.net:234566, HMAC
Adam
-- "It is seldom that liberty of any kind is lost all at once." -Hume