Hi Tom,

How would you think this would be deployed? In order for an IP address match to be secure in most environments the IP address in the configuration of the transport sender would have to match against an IP address in a subject field within the certificate. Would it be reasonable for a syslog receiver to have a certificate issued to it that has its IP address in a subject field?

Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of tom.petch
> Sent: Friday, May 09, 2008 4:54 AM
> To: Rainer Gerhards; [email protected]
> Subject: Re: [Syslog] -transport-tls-12, IP addresses
>
> I think that we should allow IP addresses. At the entry level network box, I think that they are widely used.
>
> Tom Petch
>
> ----- Original Message -----
> From: "Rainer Gerhards" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Wednesday, May 07, 2008 10:39 PM
> Subject: [Syslog] -transport-tls-12, IP addresses
>
> > Joe,
> >
> > [Editor's Note: How useful is it to match against IP address? Do we expect deployments to issue certificates with IP addresses in them? Are IP addresses typically used in configuration? ]
> >
> > I find this a tough question. In my experience, it is not uncommon to configure forwarding via IP addresses instead of hostnames. One reason for this is because of reliability of the logging system when DNS is not (yet --> system startup) available. On the other hand, I find it even a bit disturbing to have a certificate issued for an IP address. But it may make sense. I personally would expect that operators tend to use hostnames inside the certificate. The problem, of course, would be that the configuration then needs both the name and IP address...
> >
> > I hope this is useful information, even though I am undecided.
> >
> > Rainer
> > _______________________________________________
> > Syslog mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/syslog
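
Added example, not part of the original thread or of the draft under discussion: a sketch of the check the thread is about, where the identity a sender has configured for its syslog receiver (an IP literal or a hostname) is compared with what the receiver's certificate carries. It assumes the address is carried as an iPAddress subjectAltName entry and uses the dictionary shape returned by Python's ssl.SSLSocket.getpeercert(); the certificate contents and the function name peer_matches_config are constructed for illustration.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# the name and addresses are documentation values, not taken from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "logs.example.net"),),),
    "subjectAltName": (
        ("DNS", "logs.example.net"),
        ("IP Address", "192.0.2.10"),
        ("IP Address", "2001:DB8:0:0:0:0:0:10"),
    ),
}


def _as_ip(value):
    """Return an ip_address object, or None if value is not an IP literal."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None


def peer_matches_config(cert, configured_peer):
    """True if the configured receiver identity appears in the certificate.

    An IP literal in the configuration is compared only with iPAddress
    entries, a hostname only with dNSName entries (exact, case-insensitive
    match; wildcard handling is left out of this sketch).
    """
    sans = cert.get("subjectAltName", ())
    wanted_ip = _as_ip(configured_peer)
    if wanted_ip is not None:
        # Compare parsed addresses so differing IPv6 spellings still match.
        cert_ips = (_as_ip(v) for kind, v in sans if kind == "IP Address")
        return any(ip == wanted_ip for ip in cert_ips if ip is not None)
    wanted = configured_peer.rstrip(".").lower()
    return any(kind == "DNS" and v.rstrip(".").lower() == wanted
               for kind, v in sans)
```

A sender configured with only an IP address fails this check against a certificate that carries only hostnames, which is the deployment case the thread is weighing.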
