long time no post, but now one is really due…
Let’s wrap up: The IETF is trying to standardize and evolve the syslog protocol. Syslog is in wide-spread use for system and network monitoring, both in small and large-scale environments. Though widely used, it has never been standardized and is inherently insecure. The IETF syslog working group is trying to change this. During the work, a proposal for a (TLS) secured syslog protocol has been developed, a real group effort. This proposal reflects what already is done in practice (just google for “syslog ssl” and you see what I mean…).
Now, Huawei (the authors of the standard document belong to them) claims an undisclosed patent on this work. This in turn has lead to a standstil of the standardization effort plus a search for alternate, less efficient and more complex solutions to the problem.
The full story can be obtained from the working group’s mailing list archive. It started with this message:
The discussion can be followed by reading the top half posts on this page:
Two of my favourite rants in the discussion are these:
Isn’t that cool? It is a nice example of how useful that current software patent system really is.