At 05:42 PM 1/10/01 -0800, Darren New wrote:
>> I'd appreciate it if people would review syslog-syslog-03 rather than
>> commenting upon this summary. :-)
>
>Aren't these changes going to break syslog-auth, syslog-sign, and so on? If
>a relay starts changing the contents of messages it's forwarding, signatures
>won't work any more.
Hi Darren,
The relay will ONLY change the contents if it doesn't find a valid PRI
and TIMESTAMP. I guess that the question then arises of the device that
doesn't have any concept of a wall-clock. There are possibilities that
John should think about and discuss such as:
- just use "Jan 01 00:00:00" for the TIMESTAMP even though it will almost
always be wrong, or
- provide a hash over all fields except the TIMESTAMP and HOSTNAME, or
- caution that devices that don't have knowledge of a wall-clock can't
use syslog-auth/sign.
I'll bet that there are other possibilities as well.
Let's see what John comes up with in his synthesis from his other
proposals.
Thanks,
Chris
