This is precisely the sort of thing that RFC 3195 attempted. You want
authenticated source? You can have it. You want authenticated server?
You can have that too. You can even have unauthenticated server with
authenticated client. As we've just released a revision draft, I
suggest people
, 2007 11:56 PM
To: Miao Fuyou
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] AD Review for draft-ietf-syslog-transport-tls
I recommend that you drop message stream modification if my analysis
[At this point, we're still figuring out what we want to say.
I'm speaking as an individual not an AD
transport-tls should be designed to enable policy decisions. This group is
not able to make policy decisions. Some of this discussion is really
policy making. Policy discussions within syslog should be oriented towards
ensuring that any reasonable policy can be properly supported.
For
It sounds like trust anchor selection (what security people talk about
when the rest of the world talks about set of root CAs) is actually
very important to you. It's just that you don't actually consider the
traditional root CAs part of your trust anchor set; you have a much
smaller trust anchor
]
| cc: [EMAIL PROTECTED]
| Subject: Re: [Syslog] AD Review for draft-ietf-syslog-transport-tls
:[EMAIL PROTECTED]
Sent: Wednesday, January 31, 2007 5:37 PM
To: Miao Fuyou
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] AD Review for draft-ietf-syslog-transport-tls
I'll get back to you on the generic certificates issue. For
now, I recommend you read RFC 4107. Also note that each
I recommend that you drop message stream modification if my analysis
[At this point, we're still figuring out what we want to say.
I'm speaking as an individual not an AD.]
of the charter is a correct analysis and we meant for that to apply to
syslog-sign.
I recommend you split out peer entity
-
From: Sam Hartman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 31, 2007 5:37 PM
To: Miao Fuyou
Cc: [EMAIL PROTECTED]
Subject: Re: [Syslog] AD Review for draft-ietf-syslog-transport-tls
I'll get back to you on the generic certificates issue. For
now, I recommend you read RFC 4107
Miao == Miao Fuyou [EMAIL PROTECTED] writes:
Miao Section 2 identifies masquerade as a major security threat
Miao for syslog. In the draft, client authentication and server
Miao authentication are SHOULDs (server authentication may be not
Miao spelled out explicitly). After
I'll get back to you on the generic certificates issue. For now, I
recommend you read RFC 4107. Also note that each device needs a
unique MAC address so the manufacturing process tends to have a step
for making a device unique.
So, it sounds like all forms of authentication are optional in
inline
Tom Petch
- Original Message -
From: Miao Fuyou [EMAIL PROTECTED]
To: 'Sam Hartman' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Wednesday, January 31, 2007 5:50 AM
Subject: RE: [Syslog] AD Review for draft-ietf-syslog-transport-tls
Hi Sam,
Thanks for the review! My response
Hi Sam,
Thanks for the review! My response is inline.
Regards,
Miao
-Original Message-
From: Sam Hartman [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 31, 2007 7:23 AM
To: [EMAIL PROTECTED]
Subject: [Syslog] AD Review for draft-ietf-syslog-transport-tls
Hi, folks
12 matches