[EMAIL PROTECTED] schrieb:
Most IETF protocols that send certificates around support sending
certificate chains, too. Should syslog-sign support this, too?
If not, why?
As Jon said it is not required for the signing as such.
But both PKIX and OpenPGP keys can be signed and users might have a
security policy to verify the keys used for signing.
To encourage this in verification tools we could suggest a key
verification in Section 7 (Efficient Verification of Logs) or Section
8.9 (Man In The Middle Attacks).
--
Martin
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
