Joe, [Editor's Note: How useful is it to match against IP address? Do we expect deployments to issue certificates with IP addresses in them? Are IP addresses typically used in configuration? ]
I find this a tough question. In my experience, it is not uncommon to configure forwarding via IP addresses instead of hostnames. One reason for this is because of reliability of the logging system when DNS is not (yet --> system startup) available. On the other hand, I find it even a bit disturbing to have a certificate issued for an IP address. But it may make sense. I personally would expect that operators tend to use hostnames inside the certificate. The problem, of course, would be that the configuration then needs both the name and IP address... I hope this is useful information, even though I am undecided. Rainer _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
