>    The transport sender (TLS client) has three different options for
>    authenticating and authorizing the transport receiver (TLS server).

I do not know if this has been discussed previously, but what is your 
opinion on lower requirements in order to get transport-tls supported by 
embedded devices, i.e. switches and printers?

Scenario:
I could imagine a printer (as the client) having a self-signed 
certificate and no ability to authenticate the server's certificate.
As long as the server has a copy of the client's certificate and can 
verify it, a secure transport is possible. As an admin I would rather 
configure this one-way authentication and get a TLS-enabled device than 
have to fall back to UDP.
Should this be an allowed scenario to be covered by tls-transport?

Scenario 2:
Say the same printer with its self-signed cert is configurable with a 
CA-cert that enables it to authenticate the server (but maybe without 
checking the certificate's CN/dNSName/IP).
That would allow a reasonably secure setup. -- Should this be an allowed 
scenario to be covered by tls-transport?
In my opinion it should be, thus I would like to keep the requirements 
on authentication rules as simple as possible.

-- 
Martin
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
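
The two scenarios in the message above, sketched with Python's standard ssl module as an added example; this is not code from the original post or from the syslog-tls draft. The function names and the sample certificate bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl

# Constructed stand-in for the DER bytes of the printer's self-signed
# certificate; on a live connection the server would obtain them with
# SSLSocket.getpeercert(binary_form=True).
PRINTER_CERT_DER = b"constructed-sample-der-bytes-of-printer-certificate"


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def server_accepts_client(peer_der, pinned_fingerprints) -> bool:
    """Scenario 1, server side: accept the client only if the certificate
    it presented matches one of the stored copies (hypothetical helper)."""
    if not peer_der:  # client sent no certificate at all
        return False
    fp = fingerprint(peer_der)
    return any(hmac.compare_digest(fp, pinned) for pinned in pinned_fingerprints)


def printer_client_context(ca_file=None) -> ssl.SSLContext:
    """Scenario 2, client side: validate the server's chain against the
    configured CA but skip the CN/dNSName/IP comparison (hypothetical helper)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False           # no name check, as in the scenario
    ctx.verify_mode = ssl.CERT_REQUIRED  # chain must still verify
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    # Consequence of the setting above: any certificate issued by that CA
    # is accepted as the server, not only the intended receiver's.
    return ctx


if __name__ == "__main__":
    pinned = {fingerprint(PRINTER_CERT_DER)}
    print(server_accepts_client(PRINTER_CERT_DER, pinned))      # stored copy
    print(server_accepts_client(b"some other device", pinned))  # unknown cert
    ctx = printer_client_context()
    print(ctx.verify_mode.name, ctx.check_hostname)
```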