>>>>> "Darren" == Darren Reed <[EMAIL PROTECTED]> writes: Re: transit timestamps Darren> I have one problem with this: it requires changes/additions to the Darren> original message. This poses some obvious problems when you start Darren> adding MAC's of the original message, etc, to what's being sent Darren> around. No, it doesn't. It only requires the the information be prepended/appended rather than inserted, and that the signatures be nested if you want the transit information to be authenticated. e.g.: <log message(srchost,srctime,...,logmsg)> <MAC(log message,Key(srchost))> <transit(trnhost,trntime,...)> <MAC(alloftheabove,Key(trnhost))> I'm not sure how much value authenticating the intermediate hops has, but it may be a good option. -- Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] http://www.cs.columbia.edu/~carson/home.html Queen Trapped in a Butch Body
Re: timestamp in syslog messages belong to ?
by way of "Chris M. Lonvick" <[EMAIL PROTECTED]> Mon, 10 Apr 2000 10:31:01 -0700
- timestamp... Darren Reed