Hi,
================
2.7. Global Block Counter
The global block counter is a 48-bit quantity encoded in base 64 as
eight bytes, which is the number of signature blocks sent out by
syslog-sign before this one, in this reboot session. Note that this
counter crosses signature groups; it allows us to roughly
synchronize when two messages were sent, even though they went to
different collectors.
2.8. First Message Number
This is a 48-bit quantity encoded in base 64 as eight bytes, which
is the unique message number within this signature group of the
first message whose hash appears in this block. (That is, if this
signature group has processed 1000 messages so far, and the 1001st
message from this signature group is the first one whose hash
appears in this signature block, then this field is 1001.)
================
Do we need to be clear and define that the previous SIGN messages are
counted? From my reading of the above, I worked out the following
example. If everyone else is clear with this, then we can all agree
that the wording is fine. If there is discussion, then we'll need
some additional verbiage.
Let's take the case where the device is configured to "double over"
some of the messages. Let's say that the device is set to sign 6
previous messages, after each 3 messages sent. (Kind'a unrealistic,
but work with me... :-) The order and content of the messages would
be:
- Message A1
- Message A2
- Message A3
- SIGN Message - GBC="0", FMN="1", this signs messages A1-A3
- Message B1
- Message B2
- SIGN Message - GBC="1", FMN="1", this signs messages A1-A3,
  the first SIGN message, and messages B1 and B2.
- Message C1
- Message C2
- SIGN Message - GBC="2", FMN="4", this signs the first SIGN
  message, messages B1, B2, the second SIGN message,
  and messages C1 and C2.
Does everyone accept this?
Thanks,
Chris
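
The numbering in the example above can be reproduced mechanically. The sketch below is an added example, not code from the draft or from the author of this message. It assumes a single signature group, that SIGN messages take message numbers like any other message (the reading the message proposes), and that the 48-bit fields are serialized big-endian before base-64 encoding. The names simulate, encode48, interval and window are hypothetical.

```python
import base64

def encode48(n):
    """48-bit value -> 8 base-64 characters.
    Big-endian byte order is an assumption; the quoted text does not state it."""
    if not 0 <= n < 1 << 48:
        raise ValueError("value does not fit in 48 bits")
    return base64.b64encode(n.to_bytes(6, "big")).decode("ascii")

def simulate(labels, interval=3, window=6):
    """Number every message, SIGN messages included, and emit a signature
    block each time `interval` messages have gone out since (and including)
    the previous SIGN. Each block covers the last `window` messages."""
    if interval < 2 or window < 1:
        raise ValueError("interval must be >= 2 and window >= 1")
    sent = []        # sent[i] is the message with message number i + 1
    blocks = []
    since_sign = 0   # messages sent since the last SIGN, counting that SIGN
    for label in labels:
        sent.append(label)
        since_sign += 1
        if since_sign == interval:
            gbc = len(blocks)                     # blocks sent before this one
            fmn = max(1, len(sent) - window + 1)  # first message number covered
            blocks.append({
                "gbc": gbc,
                "fmn": fmn,
                "covers": sent[fmn - 1:],
                "gbc_b64": encode48(gbc),
                "fmn_b64": encode48(fmn),
            })
            # The SIGN message itself consumes the next message number.
            sent.append("SIGN%d" % len(blocks))
            since_sign = 1
    return blocks

if __name__ == "__main__":
    # Constructed input: the seven ordinary messages from the example above.
    for b in simulate(["A1", "A2", "A3", "B1", "B2", "C1", "C2"]):
        print(b["gbc"], b["fmn"], b["covers"], b["gbc_b64"], b["fmn_b64"])
```

If SIGN messages were not counted, the third block would instead start at a different message number, which is the ambiguity the question is about.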