Great question... No they are not... You can still use certificates without needing an expensive PKI. Self-signed certificates managed manually (trust). Rob and I keep trying to tell you this, and we have provided white papers explaining scalability and management methods. I recommend that you do NOT invent something special for syslog. Choose certificates and be done.
John

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> Of Rainer Gerhards
> Sent: Friday, May 23, 2008 1:44 AM
> To: [email protected]
> Subject: [Syslog] fingerprint vs PSK
>
> Hi all,
>
> in my implementation effort (now mostly completed), I asked several
> people for advice on implementing fingerprints. In almost all cases the
> initial reply was "why use non-standard fingerprints when we have PSK"?
> I know that RFC 4279 in section 1.1 says:
>
>    If the main goal is to avoid Public-Key Infrastructures (PKIs),
>    another possibility worth considering is using self-signed
>    certificates with public key fingerprints. Instead of manually
>    configuring a shared secret in, for instance, some configuration
>    file, a fingerprint (hash) of the other party's public key (or
>    certificate) could be placed there instead.
>
> However, I think it would be useful to add some short text why
> fingerprints are more desirable. And the real question is: are they
> actually more desirable?
>
> Rainer
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
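The fingerprint approach quoted from RFC 4279 section 1.1 above, as an added example that is not part of the original thread: a receiver checks the peer's self-signed certificate against fingerprints placed in its configuration. The function names, the `algo:HH:HH:...` pin format, the allowed-digest set and the byte strings standing in for DER certificates are all assumptions made for this sketch.

```python
import hashlib
import hmac

ALLOWED = {"sha256", "sha512"}  # assumption: digests this deployment accepts

# Constructed stand-ins for DER certificate bytes. In real use these come from
# the TLS stack, e.g. ssl.SSLSocket.getpeercert(binary_form=True).
PEER_A = b"constructed stand-in for collector A's self-signed certificate"
PEER_B = b"constructed stand-in for some other party's certificate"


def fingerprint(cert_der, algo="sha256"):
    """Format the hash of a DER certificate as 'algo:HH:HH:...' for a config file."""
    hexed = hashlib.new(algo, cert_der).hexdigest().upper()
    return algo + ":" + ":".join(hexed[i:i + 2] for i in range(0, len(hexed), 2))


def parse_pin(pin):
    """Parse a configured pin; reject unknown algorithms and truncated digests."""
    algo, _, hexpart = pin.strip().partition(":")
    algo = algo.lower().replace("-", "")
    if algo not in ALLOWED:
        raise ValueError(f"unsupported fingerprint algorithm: {algo!r}")
    raw = bytes.fromhex(hexpart.replace(":", ""))  # ValueError on non-hex input
    if len(raw) != hashlib.new(algo).digest_size:
        raise ValueError("fingerprint length does not match algorithm")
    return algo, raw


def peer_is_trusted(cert_der, pins):
    """True if the presented certificate matches any configured fingerprint."""
    trusted = False
    for pin in pins:
        algo, want = parse_pin(pin)
        got = hashlib.new(algo, cert_der).digest()
        # Constant-time comparison; keep checking all pins rather than exit early.
        trusted |= hmac.compare_digest(got, want)
    return trusted  # an empty pin list trusts nobody
```

Unlike a pre-shared key, the configured value here is a hash of public material, so a leaked configuration file does not by itself let anyone impersonate the peer.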
