In some email I received from John Kelsey, sie wrote:
[...]
> b.  Is there a problem having my PRI values always have a leading zero?
> (e.g., PRI 46 is included as "046".)

Yes, if "PRI" is a combination of "priority" AND "facility".

Or you should make it explicitly clear what you mean by "PRI".

> Using digital signatures instead of MACs to authenticate
[...]

I think you mean "instead of unsigned MACs".  Digital signatures
*ARE* MACs but more.


[...]
> sysadmin who uses the system; he must configure any relays
[...]

systems administrator, not "sysadmin".

> Syslog-sign provides four options for handling signature
> groups, linking them with PRI values.  In all cases, no more
> than 192 signature groups (0-191) are permitted.  In this
> list, SIG is the signature group, and PRI is the PRI value
> of the signature and certificate blocks in that signature
> group.

It should be possible for there to be at least one group for
each combination of facility and priority.  That should have
the above worded "no less than 192".  You might wish to define
0-191 as being per-PRI and 192+ as being "user defined".  I
don't see any necessary reason to put a ceiling on this, aside
from convenience, and then it should be something like MAXINT.

The problem you have here is that the local storage of messages
does not necessarily reflect anything to do with them being sent.

For other numbers, you should define numbers which are used and
make others invalid and not worry about ranges.

What you need to add, and can't(?), is something to the syslog
messages that identify them with "channels" or destinations and
generate signature blocks every n messages for each "channel".

Darren
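
The PRI encoding this exchange turns on, shown as an added example that is not part of the original email or of the syslog-sign draft: a strict parser assuming the RFC 3164 convention PRI = facility * 8 + severity, written without leading zeros. The function names and sample messages are constructed for illustration.

```python
import re

# Strict PRI syntax: "<", 1-3 digits, ">"; no leading zero unless the value is 0.
_PRI_RE = re.compile(r"<(0|[1-9][0-9]{0,2})>")

FACILITIES = 24                      # facility codes 0-23
SEVERITIES = 8                       # severity codes 0-7
MAX_PRI = FACILITIES * SEVERITIES - 1  # 191, hence the 0-191 range


def parse_pri(message: str):
    """Return (pri, facility, severity) for a message, or raise ValueError."""
    m = _PRI_RE.match(message)
    if m is None:
        raise ValueError("malformed PRI (missing, non-numeric or leading zero)")
    pri = int(m.group(1))
    if pri > MAX_PRI:
        raise ValueError(f"PRI {pri} outside 0-{MAX_PRI}")
    facility, severity = divmod(pri, SEVERITIES)
    return pri, facility, severity


def distinct_pri_values():
    """Every facility/severity pair maps to its own PRI value."""
    return {f * SEVERITIES + s for f in range(FACILITIES) for s in range(SEVERITIES)}


def classify(messages):
    """Map each message to its decoded PRI tuple or to the rejection reason."""
    out = {}
    for msg in messages:
        try:
            out[msg] = parse_pri(msg)
        except ValueError as exc:
            out[msg] = f"rejected: {exc}"
    return out


# Constructed sample messages (not taken from the thread).
SAMPLES = [
    "<46>Oct 11 22:14:15 host app: ok",    # facility 5, severity 6
    "<046>Oct 11 22:14:15 host app: ok",   # same number, different bytes on the wire
    "<192>Oct 11 22:14:15 host app: ok",   # one past the last facility/severity pair
]

if __name__ == "__main__":
    for msg, result in classify(SAMPLES).items():
        print(f"{msg[:6]!r:10} -> {result}")
```

A lenient parser that simply calls `int("046")` would treat the first two samples as the same PRI even though their bytes differ, which matters when a signature or hash is computed over the exact message text.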