> We'll wait for your notes as well as notes from Balazs.
> Glad to hear about the opensource. :-)

Hi,

I have reviewed the draft and have the following comments:

- signature blocks description: "Priority" field is said to be 3 bytes long in the summary, but details show that it's really 4 bytes (two bytes version, 1 byte hash, 1 byte signature scheme)

- I think some more algorithms should be defined in the priority field: for hashes SHA1 seems to be sufficient, but OpenPGP DSA is missing at least RSA.

- In signature blocks, we have 2 version fields, the first one applying to the whole syslog-sign protocol, the second to certificate blocks. I don't know whether this understanding is correct, since this is not described in the RFC. Do we need so many version fields? Can't we use a single version field with several bitfields? And if we do, do we need them to be 16 bits wide?

- Another question (I know I was not involved in the development of the protocol, so I might be whining too much): signature groups are limited to 192 in number. I see that 192 comes from the fact there are 192 different priority levels. Do we need to drag this limitation to this new protocol? I know that SIG can be equal to PRI, but I see this as the special case.

- First message number: the description is somewhat unclear to me. Maybe it should be reworded a bit.

- Payload blocks: IP addresses are not 128 bits, unless we are speaking about IPv6

- I would define an additional relay, which verifies messages on-line and also forwards them (possibly signed again). This would be useful on firewalls.

--
Bazsi
PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1
