Hi Rainer, On Wed, 30 Jul 2003, Rainer Gerhards wrote:
> Hi all, > > The syslog-sign ID refers to UDP in several places. I wonder if this is > by intension. I don't see any reason why we should limit it to UDP > tranport and outrule TCP. Shouldn't it be better transport-independent? I know that Jon answered that some time ago. It is transport-independent. syslog-sign describes a replacement of syslog/UDP but it is expected to ride atop syslog-reliable as well. In that case, it is expected to provide all of the benefits of both reliable transport and authenticated delivery and storage. > > As actual example, I do not see any reason why syslog-sign should NOT > travel over RFC 3195/RAW. Of course, with COOKED, there are some issues, > but RAW would be a big advantage. As of now, I think we could not do a > standard-compliant sign via RAW implementation. It _should_. :-) The way it was supposed to have worked was that the "authenticated syslog" work was to be finished first, and then the "reliable transport" work was to be completed. However, when Marshall and Darren were ready to do syslog-reliable, only RFC 3164 was available. When syslog-sign is submitted to become an RFC, Marshall and Darren will be able to revise 3195 to incorporate the better fields (TIMESTAMP and HOSTNAME) that are defined there. It was also suggested that 3195 be revised to accomodate work going on in the NetConf WG but I havn't seen much activity there yet dealing with 3195. > > Comments? Yup. If we get far enough in our discussions of the internationalization of syslog, that may be factored into the revision of 3195. :-) > > Many thanks, > Rainer Gerhards Thanks, Chris