I don't see a security issue with using the same certificate for both receiver and sender in the case of a relay. It would be possible to create a policy based on a certificate extension that would limit the use of a certificate to a receiver or sender, but this is not specified in the current proposal.
Joe > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards > Sent: Sunday, May 25, 2008 11:55 PM > To: [email protected] > Subject: [Syslog] same certificate for client and sender? > > Hi all, > > If I look at a relay, it is both a transport receiver and > transport sender. And, of course, it is a single software > entity. In my implementation I am currently using a single > certificate on relays - both being used for the sender as > well as the receiver. While this is natural, I am not sure if > it is secure. > > Could you advise on what is reasonable secure in a relay environment? > Note, however, that using different certificates may finally > disable any remaining auto-configuration capabilities (which > I have with a single certificate). > > Feedback is appreciated. > > Rainer > _______________________________________________ > Syslog mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/syslog > _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
