On 05/22/2012 03:26 PM, Doug Hellmann wrote:
> -> In addition to a signature, I think we would need a sequence number
> to be embedded by the agent for each message sent, so that loss of
> messages, or forgery of messages, can be detected by the collector and
> further audit process.
>
>
> OK. We have a message id, but I assumed those would be used to eliminate
> duplicates so this sounds like something different or new. It implies
> that the agent knows its own id (not hard) and keeps up with a sequence
> counter (more difficult, though not impossible). Did you have something
> in mind for how to implement that?
Actually, this was my intent in the original blueprint when I specified the "message_id" field then a couple lines below: "a process may verify that messages were not lost".

On the implementation side, I was thinking that each agent would maintain its own sequence count, as a global instance count would be pricier. In my mind, non-repudiation was built from the message_signature + message_id which should be unique for each agent.

Nick
_______________________________________________
Mailing list: https://launchpad.net/~openstack
Post to     : openstack@lists.launchpad.net
Unsubscribe : https://launchpad.net/~openstack
More help   : https://help.launchpad.net/ListHelp
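An added example (not from the thread or the project's code) of the per-agent sequence count discussed above: each agent puts its own counter in `message_id` and signs the message, and the collector uses the pair to flag forged, duplicate and missing messages. HMAC-SHA256 with a per-agent shared key, the `agent_id` and `payload` fields, and the class and function names are assumptions.

```python
import hashlib
import hmac
import json

def sign(key, body):
    # Assumption: HMAC-SHA256 over canonical JSON stands in for message_signature.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

class Agent:
    """Keeps its own counter; no global count shared between agents."""
    def __init__(self, agent_id, key):
        self.agent_id, self.key, self.seq = agent_id, key, 0

    def emit(self, payload):
        self.seq += 1
        body = {"agent_id": self.agent_id, "message_id": self.seq, "payload": payload}
        return dict(body, message_signature=sign(self.key, body))

class Collector:
    def __init__(self, keys):
        self.keys = keys   # agent_id -> key (hypothetical key distribution)
        self.seen = {}     # agent_id -> set of accepted message_id values

    def receive(self, msg):
        body = {k: v for k, v in msg.items() if k != "message_signature"}
        key = self.keys.get(body.get("agent_id"))
        sig = str(msg.get("message_signature", "")).encode()
        if key is None or not hmac.compare_digest(sign(key, body).encode(), sig):
            return "forged"        # unknown agent, bad signature or altered field
        ids = self.seen.setdefault(body["agent_id"], set())
        if body["message_id"] in ids:
            return "duplicate"     # replayed or re-delivered message
        ids.add(body["message_id"])
        return "ok"

    def missing(self, agent_id):
        # Gaps below the highest accepted id; tolerates out-of-order delivery.
        ids = self.seen.get(agent_id, set())
        return sorted(set(range(1, max(ids, default=0) + 1)) - ids)

def demo():
    key = b"constructed-demo-key"            # constructed sample key
    agent = Agent("agent-1", key)
    collector = Collector({"agent-1": key})
    m1, m2, m3, m4 = (agent.emit({"cpu": n}) for n in range(4))
    tampered = dict(m4, payload={"cpu": 999})  # payload altered after signing
    order = (m1, m3, m1, tampered, m4)         # m2 is lost in transit
    return [collector.receive(m) for m in order], collector.missing("agent-1")
```

A gap only becomes visible once a later message from the same agent arrives, so messages lost at the tail of a stream need a separate check such as a periodic heartbeat carrying the current count.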