On Wed, 2006-01-11 at 13:09 -0500, Sam Hartman wrote: > >>>>> "Rainer" == Rainer Gerhards <[EMAIL PROTECTED]> writes:
> You can certainly do this. > It's even a reasonable solution if: > > 1) The people who need integrity are willing to deploy some sort of > credential to the senders. (This is more or less given; without > it, I think you can prove no solution exists). > > 2) That credential is a valid TLS credential. > > In particular note that TLS would not be useful in a Kerberos > environment,an environment where people had ssh public keys, etc. Although not strictly related to this discussion, but TLS does support kerberos based authentication, see RFC 2712 > > So, from a theoretical standpoint, your proposed solution works. The > WG needs to consider whether it meets the needs of operators in > practice. If so, then that's a fine direction. How to decide? Are there operators on this mailing list who we could poll, or is it enough that at least three implementors are on the list were involved in the discussions and seem to agree? -- Bazsi _______________________________________________ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
