Hi,
I've noticed some inaccuracies for the truncation at the initial
sender. I suggest several modifications:
in section 6
---------
<
TRUNCATE = "0" / "1" / "2" / "3"
>
TRUNCATE = "0" / "1" / "2" / "3" / "5" / "6" / "7"
---------
in section 6.1 Message Length
---------
<
Receivers SHOULD follow this order of preference when it comes to
truncation:
>
If a sender has a message with a length larger than 2,048 octets, the
sender MAY send it complete or truncate the payload before sending it.
This order of preference SHOULD be followed when it comes to
truncation:
---------
<
When a receiver truncates a message, the TRUNCATE field
(Section 6.2.4) MUST be updated. Please note that this will break
eventually existing digital signatures.
>
When a receiver or initial sender truncates a message, the TRUNCATE
field (Section 6.2.4) MUST be updated. In the case of a receiver,
please note that this will break eventually existing digital
signatures.
---------
in section 6.2.4 TRUNCATE
---------
<
The TRUNCATE field is used to indicate if the message has been
truncated since it was sent. Such a truncation might happen on any
receiver, including receivers on interim systems (relays). Values in
the TRUNCATE field are made up of bits. Each of these bits has been
assigned a specific value so that there is no doubt about bit
ordering. The following values MUST be used:
VALUE Meaning
1 all or some SD-ELEMENTs were truncated
2 all or part of MSG was truncated
4 truncation occurred at the initial sender
If the initial sender truncates a message, this MUST be indicated by
setting the "truncation occurred at the initial sender" bit (value 4).
>
The TRUNCATE field is used to indicate if the message has been
truncated since it was sent or generated by an application.
Such a truncation might happen on the initial sender and any
receiver, including receivers on interim systems (relays). Values in
the TRUNCATE field are made up of bits. Each of these bits has been
assigned a specific value so that there is no doubt about bit
ordering. The following values MUST be used:
VALUE Meaning
1 all or some SD-ELEMENTs were truncated
2 all or part of MSG was truncated
4 truncation occurred at the initial sender
The value in the TRUNCATE field is the ASCII representation of these
ORed bits. If the initial sender truncates a message, this MUST be
indicated by setting the "truncation occurred at the initial sender"
bit (value 4). In the case where truncation occurred at the initial
sender and at a receiver (relay or collector), the receiver MUST unset
the third bit (value 4). This allows detecting that the signature is
invalid.
---------
and for the next paragraph:
---------
Some examples: If no truncation occurred, TRUNCATE MUST have a value
of 0. If SD-ELEMENTs were truncated on the receiver, TRUNCATE MUST
have a value of 1. If they were truncated on the initial sender,
TRUNCATE must have the value of 5. If structured data and MSG were
truncated on an interim system, TRUNCATE MUST have the value 3. If
only MSG was truncated on the initial sender, TRUNCATE MUST have the
value 6.
---------
s/must have the value of 5/MUST have the value of 5/
Thanks,
--
Didier Dalmasso
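
Added example, not part of the original message or of the draft: a sketch of the TRUNCATE handling proposed above, covering the value set "0"/"1"/"2"/"3"/"5"/"6"/"7", the initial-sender bit, and the rule that a truncating receiver unsets bit 4. All function names are hypothetical, and reading a non-zero value without bit 4 as "truncated by a receiver" is an inference from the proposed text.

```python
# Added illustration; function names are hypothetical, not from the draft.
SD_TRUNCATED = 1       # all or some SD-ELEMENTs were truncated
MSG_TRUNCATED = 2      # all or part of MSG was truncated
AT_INITIAL_SENDER = 4  # truncation occurred at the initial sender

# Proposed ABNF for section 6: "4" alone is not a legal value.
VALID_TRUNCATE = frozenset("0123567")


def parse_truncate(field: str) -> int:
    """Return the bit mask for a TRUNCATE field, rejecting illegal values."""
    if field not in VALID_TRUNCATE:
        raise ValueError(f"illegal TRUNCATE value: {field!r}")
    return int(field)


def _mask(sd: bool, msg: bool) -> int:
    return (SD_TRUNCATED if sd else 0) | (MSG_TRUNCATED if msg else 0)


def sender_truncate(sd: bool, msg: bool) -> str:
    """TRUNCATE value an initial sender emits after truncating its own message."""
    bits = _mask(sd, msg)
    return str(bits | AT_INITIAL_SENDER) if bits else "0"


def receiver_truncate(field: str, sd: bool, msg: bool) -> str:
    """Update TRUNCATE when a relay or collector truncates a received message."""
    bits, new = parse_truncate(field), _mask(sd, msg)
    if new:
        # Proposed rule: a truncating receiver ORs in its bits and unsets bit 4.
        bits = (bits | new) & ~AT_INITIAL_SENDER
    return str(bits)


def truncated_by_receiver(field: str) -> bool:
    """True when the value shows truncation after the initial sender."""
    bits = parse_truncate(field)
    return bits != 0 and not bits & AT_INITIAL_SENDER


if __name__ == "__main__":
    for value in sorted(VALID_TRUNCATE):
        print(value, truncated_by_receiver(value))
```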