2002-12-20T15:45:47 Christopher Lonvick:
- there are many tcp-based implementations to transport syslog but none
of them interoperate
I'm not as sure about that. It's possibly the case that not all of
them interoperate, but I'd expect most of them to; about the only
interesting question I can
2002-12-17-17:25:20 Tom Perrine:
The BEEP protocol looks like it has all the right features (and then
some!).
Yes indeedy and then some. Multiplexed streams of
MIME-structure-framed XML seems a bit over the top, no?
But as Marshall pointed out, the syslog over BEEP doesn't need all
the
2002-12-17-18:43:20 Frank O'Dwyer:
Bennett Todd:
2002-12-17-14:50:28 Frank O'Dwyer:
SSL doesn't provide client authentication (at least not easily
on its own).
What's wrong with client certificates?
PKI, basically, and the lack of it.
The myth that PKI is required for client certs
2002-12-17-18:11:43 Marshall Rose:
here's an interesting thought experiment: if TLS (nee SSL) is
around, why did the IETF add SASL to all of its application
protocols?
Errh, because the Cyrus team implemented it, and nobody was
offering a better way to stuff authentication into SMTP? The
BEEP may or may not pay its freight, but I don't see it becoming
available across the board --- including innumerable embedded gizmos
and weird proprietary OSes --- any time soon.
On the other hand, if we started with syslog-as-it-is-today, added
TCP transport, took off the line length limits,
2002-12-17-13:42:38 Marshall Rose:
Bennett Todd:
[ use SSL for auth and encryption ]
and this works great, right until someone decides they have a requirement for a
security technology not met by ssl, at which point it's fatal.
Well, it's fatal, or else it's not.
If an additional function