Attendees: Chris Wee, James Pace, Kirk Bradley
What goes into the audit log? - A router is not just the abstraction, it has host componenets - Audit reduction might not be necessary if care is taken with the audit data How does data get back to audit host? - What kind of crypto / protocol can be used? - If an entry does not meet authorization check, what do you do with it? | Throw it away? But a malicious router can do DoS | Use the data? Don't be ridiculous! | Use knowlege that something between here and there is malicious? How do you do this? - How much corruption can the algorithm handle before it chokes?