-----BEGIN PGP SIGNED MESSAGE-----
>Date: Mon, 12 Feb 2001 10:58:23 -0600
>To: John Kelsey <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>From: "Chris M. Lonvick" <[EMAIL PROTECTED]>
>Subject: Re: syslog-sign (almost) real-time verification, comments
> requested.
>Hi John,
>This looks good. It has a low complexity factor and doesn't
>change the existing messages.
Thanks. I wanted to convince myself that it could be done
reasonably efficiently, before I claimed that in the
document. Do you think it makes sense for me to include
some description of my proposed algorithm in the document?
Or should I just stick to saying that it can be done?
>There has been a lot of discussion on the list -and I've
>received several comments separately- of the time format in
>the existing messages. Since the syslog-syslog ID is only
>documenting the current message format we can't change that.
>Also, the intent of the overall system has been that the
>messages would be reviewed fairly soon after they were
>generated and would not really need a year marker. It was
>also considered that the messages would have local
>significance and that the administrators would know the
>timezone of the device generating the message. Does it make
>sense to include an optional timestamp in the body of the
>message that gives more robust details of the time?
I really like the idea of putting as much information into
the log messages as possible. In particular, putting a
complete timestamp in might make them more useful as
evidence in criminal trials later. (Though I suspect this
won't usually be the case, since most people don't keep old
log backups in the right way to ensure proper chain of
custody for evidence.)
>Speaking of time, as you're writing you may want to consider
>what should happen if the device doesn't generate messages
>very often. As you mention in "d", it will need to be
>tunable to provide good redundancy coverage. However, what
>could happen if the device is configured to generate a block
>after 5 messages, but the device only generates 4 messages
>within an hour and then just sits there for the next week
>without any further activity? I wouldn't want the block to
>be lost if the device is rebooted during that later time.
>Perhaps it would be good to put a note in the draft that
>says that the block may be sent even if it is not full to
>the configured capacity.
Yes, actually I made a change like this to my document about
a week ago. Thinking about the near-real-time processing of
messages led pretty directly to this thought about how the
server would handle short signature blocks.
>Thanks,
>Chris
- --John Kelsey, [EMAIL PROTECTED]
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
Comment: foo
iQCVAwUBOomSpiZv+/Ry/LrBAQEVGAP/d9n57Q4kAbW/FADg7v/16mh2env8Wlts
mH/xP9zmeBljxUQMP9EHA3u+84Sjo9nzm895EGbk+Qx7C3u2jebr1hrcA1TY1XHy
jMYP0h41ViDdhFNjo3MysuNbTgQT4fHXTjv7YHtF3HqyREP7veoTe6JqjmnQ7mjj
YP4ERbQictk=
=Nwcx
-----END PGP SIGNATURE-----
