Martin, to clarify what you are suggesting - are you suggesting to strike section 6.2 and change the title of 6 to "Redundancy"? I think the entire section is in essence informational; per se I would have no issues taking it out.
Now, regarding question 2: I am not clear about what you are asking. How a signature group is defined is ultimately up to an administrator (specifically if SG fields are 2 or 3). It is probably not a good idea to change these on the fly, although it probably does not need to be prohibited. Should this issue be discussed in a separate statement somewhere? (Basically, it would state something along the lines that while it is possible to change how Signature Groups are configured, adminstrators need to be aware of the implications.) The statement at the end of 6.2 states that it is legitimate for an originator to send short Signature Blocks to allow the collector to verify messages quickly (and not have to wait until a Signature Block is "filled up"). Precisely because the block are variable in length this is possible. So, I am not clear what the issue would be with that statement? --- Alex -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Schütte Sent: Friday, August 01, 2008 2:52 PM To: [email protected] Subject: [Syslog] Syslog-sign: 6.2. Flexibility Hello, is section 6.2. (Flexibility) still relevant? I have the impression all of its statements refer to older versions and are obsolete in the current protocol. An originator may change many things about the makeup of Signature and Certificate Blocks in a given reboot session. The things it cannot change are: * The version * The number or arrangements of Signature Groups Question 1: Is there anything left that can be changed inside a reboot session? Only the redundancy, but that is always discussed in 6.1. Question 2: Is there any reason to prevent any change? IMO no. I would say a Signature Group is defined by the values of HOSTNAME, VER, RSID, SG, and SPRI. So if an originator has only one signature group and suddenly uses different values for some Blocks then these Blocks simply will not belong to the same signature group. No need to introduce the concept of change only to forbid it. It is legitimate for an originator to send short Signature Blocks to allow the collector to verify messages quickly. Signature Blocks are variable in length. Allowing a short one is meaningless. -- Martin _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
