> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
> Sent: Thursday, June 05, 2008 6:46 AM
> To: [EMAIL PROTECTED]
> Cc: syslog; [EMAIL PROTECTED]
> Subject: Re: [Syslog] Subject Name verification policy
>
> I agree with Rainer that those fixes would make it good enough.
>
> [Rainer]
> > It may also be useful (but not vital) to include a note that
> > transport-tls is a secure, but not a 100% reliable protocol (because tcp
> > without an app-layer ack is unreliable). Lots of folks have the
> > misconception that just because tcp is used it is reliable. For that,
> > one needs to implement rfc 3195. But, again, this is not an important
> > enough point to hold publishing.
> >
>
> I worry that getting into the reliability discussion will delay things.
> The reliability discussion is more a tutorial about the limitations of TCP
> and is not syslog specific. It comes up because syslog users react very
> negatively to the word "unreliable" in UDP and become concerned.
> [...]
> All of this discussion would really be advanced education on the error
> recovery capabilities of TCP and is not syslog specific in any way.
>

I disagree. I think Rainer pointed out that the lack of an application ACK limits reliability, and the lack of a syslog ACK is definitely syslog specific. A small note to this effect in the security considerations should be adequate.

David Harrington
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]

_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
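
The point debated in this thread, as an added example that is not part of the original messages: a sender's write over TCP can succeed even though the collector never reads the message, because without an application-layer ACK success only means the bytes reached the local kernel buffer. Assumptions: plain TCP on loopback stands in for the TLS transport (TLS does not change this behaviour), newline framing is a simplification, and the messages and function names are constructed for illustration.

```python
import socket
import threading
import time

# Constructed sample messages (newline framing is a simplification).
MESSAGES = [b"<34>1 - host app - - - message %d\n" % i for i in range(1, 6)]

def collector(listener, received):
    """Read one message, then close, as if the collector had restarted."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as stream:
        received.append(stream.readline())

def run_demo():
    """Return (messages send() accepted, messages the collector read)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # loopback, ephemeral port
    listener.listen(1)
    received, accepted = [], []
    worker = threading.Thread(target=collector, args=(listener, received))
    worker.start()
    sender = socket.create_connection(listener.getsockname())
    try:
        for number, message in enumerate(MESSAGES, start=1):
            try:
                sender.sendall(message)  # success = copied to kernel buffer
            except OSError:
                break  # the error surfaces only on a later write
            accepted.append(message)
            if number == 1:
                worker.join()  # collector has read message 1 and closed
            else:
                time.sleep(0.2)  # give the peer's reset time to arrive
    finally:
        sender.close()
        listener.close()
    return accepted, received

if __name__ == "__main__":
    accepted, received = run_demo()
    lost = [m for m in accepted if m not in received]
    print(f"send() accepted {len(accepted)}, collector read {len(received)}")
    print(f"silently lost: {len(lost)}")
```

Every message in `accepted` but not in `received` was reported as sent and never logged, which is the gap a syslog-level ACK would close.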
