I think the core point is that trust models in -sign and -transport-TLS are quite different. At least, I think, it would be useful to provide a mapping between the two.
Rainer

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of Jon Callas
> Sent: Wednesday, July 23, 2008 8:45 PM
> To: <[EMAIL PROTECTED]>
> Cc: [email protected]
> Subject: Re: [Syslog] Syslog-sign: Certificate chains?
>
>
> On Jul 23, 2008, at 5:27 AM, <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> wrote:
>
> >
> > Most IETF protocols that send certificates around support sending
> > certificate chains, too. Should syslog-sign support this, too?
> > If not, why?
>
> The model is for a more direct trust system where the certificate
> transferred is its own trust anchor. So if I am going to send you a log
> stream that I'll be signing with a certificate, I just send you the
> cert that I'm signing with. There's no need for a chain. Perhaps that
> cert descends from a formal CA and that may contain its own goodness,
> but it is not necessary.
>
> Jon
>
>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
