Joseph Salowey (jsalowey) wrote:
>> What happened to the requirement from draft 12:
>>> For subject name verification, client implementations MUST
>>> support configuring, for each transport receiver, the name to be
>>> matched against the certificate.
> [Joe] I think I see your point, how about modifying the text such
> that host name is replaced by "configured name" as below:
>
> Does this help?

"configured name" clarifies that no DNS is necessary. But for me it still sounds a bit optional, I am not sure every implementor will read it as a requirement to introduce a 'subject name' field into its syslog.conf. The original above was more explicit.

>> So this only applies to wildcards in the certificate?
> [Joe] I actually meant to remove the reference to wildcards in the
> certificate.

Ok.

>> If a configured name is used for matching, should that be allowed
>> to contain wildcards as well? (I hope not because that would make
>> the whole name matching useless.)
> [Joe] New text
>
> "Implementations also MAY support wildcards

I suggest inserting here: ... in configured hostnames ...

> to match a range of
> values. For example, a "*" wildcard character MAY be used as the

--
Martin
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
