Attendees: Chris Wee, James Pace, Kirk Bradley
What goes into the audit log?
- A router is not just the abstraction, it has host componenets
- Audit reduction might not be necessary if care is taken with
the audit data
How does data get back to audit host?
- What kind of crypto / protocol can be used?
- If an entry does not meet authorization check, what do you do
with it?
| Throw it away? But a malicious router can do DoS
| Use the data? Don't be ridiculous!
| Use knowlege that something between here and there is
malicious? How do you do this?
- How much corruption can the algorithm handle before it chokes?