I've seen security policies go both ways on this, so it's best for syslog to remain silent. There are times when the relay should use the same cert for both and other times when it should be different.

Kind Regards,

Robert Horn | Agfa HealthCare
Research Scientist | HE/Technology Office
T +1 978 897 4860

Agfa HealthCare Corporation, 100 Challenger Road, Ridgefield Park, NJ, 07660-2199, United States
http://www.agfa.com/healthcare/
Click on link to read important disclaimer: http://www.agfa.com/healthcare/maildisclaimer

"Joseph Salowey (jsalowey)" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
05/28/2008 08:38 PM

To
"Rainer Gerhards" <[EMAIL PROTECTED]>, <[email protected]>
cc
Subject
Re: [Syslog] same certificate for client and sender?

I don't see a security issue with using the same certificate for both receiver and sender in the case of a relay. It would be possible to create a policy based on a certificate extension that would limit the use of a certificate to a receiver or sender, but this is not specified in the current proposal.

Joe

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rainer Gerhards
> Sent: Sunday, May 25, 2008 11:55 PM
> To: [email protected]
> Subject: [Syslog] same certificate for client and sender?
>
> Hi all,
>
> If I look at a relay, it is both a transport receiver and
> transport sender. And, of course, it is a single software
> entity. In my implementation I am currently using a single
> certificate on relays - both being used for the sender as
> well as the receiver. While this is natural, I am not sure if
> it is secure.
>
> Could you advise on what is reasonably secure in a relay environment?
> Note, however, that using different certificates may finally
> disable any remaining auto-configuration capabilities (which
> I have with a single certificate).
>
> Feedback is appreciated.
>
> Rainer
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
