FYI,
Daren New and I have been mailing each other back and
forth about this stuff and thought the rest of the
list should know about our thinking...
Here's some of the back-and-forth:
>>> and > are Daren
>> is me.
>>> Alright. That's easy enough to add. I expect
>>> it would be possible to add simply by saying
>>> "You can also sign an <entry> with W3C
>>> specification yadda yadda yadda..."
>>> Nothing new there. I just wonder if it would
>>> satisfy the others on the list as well.
>>
>> Yeah, but...
>>
>> 1. The wording has to be stronger or nobody
>> will actually implement it.
>> It has to say that implementations MUST
>> interoperate with the signatures stuff
>> to the extent that the signatures don't
>> get corrupted, that raw-to-cooked gateways
>> should support adding signatures, that native
>> syslogd's should support signatures out of
>> the box, and that whether signatures actually
>> get added to a particular message should be
>> application and/or system-admin configurable.
>
> Yes, sure.
>
>> 2. It might be better to incorporate the signing
>> right into COOKED because you want the
>> reliability header info to get signed too.
>> I'm assuming that in the future most messages
>> will start out in COOKED mode as new
>> versions of syslogd make their way in the
>> world.
>
> I'd be surprised if everyone gave up the UDP
> versions of syslog, myself.
My last comment to Daren was that, while people may
not give up the UDP versions, we don't have to provide
all the most advanced services to people who don't.
So... The idea sounds like it's moving in the direction
of adding signatures to COOKED mode in Syslog-Reliable
and possibly adding confidentiality to Syslog-Auth.
Does this seem reasonable to everyone?