Tom,

On Wed, 2008-05-28 at 15:51 +0200, tom.petch wrote:
> I encounter networks where the devices do not have names, in any meaningful
> manner (perhaps just a default sysName left in by the manufacturer). Boxes are
> identified by address, layer 2 - MAC - or layer 3 - IP. What I am resisting is
> the need to allocate and maintain a namespace where none exists at present.
>
> This use of IP address is independent of what appears in the IP header of the
> packet; here it is serving as an identity for the box not as something to put in
> the source field of the IP header. In theory, if the IP address of the device
> changed, then you could keep the old address as an identity but I think that
> would be too bizarre.
>
> Tom Petch

I see your point. I always looked from the security perspective, but that isn't what you are trying to achieve. It is the need not to start another new name space... OK.

From the implementor's POV, I think ipAddress will bring in another set of matching rules (you've probably seen my other message on this topic). I have seen that, for example, I must support IP range matching. It also looks like I need to do netmask based matching.

Of course, all of this is not rocket science. It may even be already used in other parts of the same program. I still wonder if we should really require every implementation to carry all that additional code just to permit this scenario which, to be honest, seems to be a quite uncommon case.

May it be a good work-around to simply use the reverse DNS ptr names as the subject alt name?

Rainer

_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
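
The matching rules this thread discusses for an ipAddress identity (exact address, netmask, and range), as an added example that is not part of either message or of any syslog implementation. The rule syntax, the function names and the sample values are assumptions made for illustration; the certificate's iPAddress subjectAltName entries are taken as their raw 4- or 16-byte values.

```python
import ipaddress

def parse_rule(rule):
    """Turn one configured peer rule into (ip_version, low, high) as integers."""
    rule = rule.strip()
    if "-" in rule:  # explicit range: "first-last"
        first, last = (ipaddress.ip_address(p.strip()) for p in rule.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError(f"bad range: {rule!r}")
        return first.version, int(first), int(last)
    if "/" in rule:  # prefix length or dotted netmask
        # strict=True rejects rules with host bits set, so a mistyped
        # rule fails at load time instead of silently matching a whole subnet
        net = ipaddress.ip_network(rule, strict=True)
        return net.version, int(net.network_address), int(net.broadcast_address)
    addr = ipaddress.ip_address(rule)  # single address: exact match only
    return addr.version, int(addr), int(addr)

def san_ip_matches(san_octets, rules):
    """True if any iPAddress SAN value (raw bytes) satisfies any configured rule."""
    parsed = [parse_rule(r) for r in rules]
    for raw in san_octets:
        if len(raw) not in (4, 16):
            continue  # malformed entry never matches
        addr = ipaddress.ip_address(raw)
        for version, low, high in parsed:
            # an IPv4 identity is never compared against an IPv6 rule or vice versa
            if addr.version == version and low <= int(addr) <= high:
                return True
    return False

# Constructed sample configuration and certificate values (documentation ranges)
RULES = ["192.0.2.0/255.255.255.0", "198.51.100.10-198.51.100.20", "2001:db8::/32"]
SAN_IN_NETMASK = [bytes([192, 0, 2, 77])]
SAN_OUTSIDE_RANGE = [bytes([198, 51, 100, 21])]

if __name__ == "__main__":
    print(san_ip_matches(SAN_IN_NETMASK, RULES))
    print(san_ip_matches(SAN_OUTSIDE_RANGE, RULES))
```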
