Hi Martin,

OK, unless others raise objections I'll change the title of 6 to redundancy and
strike 6.2. I'll retain mention of the fact somewhere that the originator is
free to decide when to send signature blocks, something that might even be
subject to configuration. I'll also have a statement somewhere that a change
in the configuration of signature groups needs to coincide with the start of
new reboot sessions.

--- Alex



-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Martin Schütte
Sent: Monday, August 04, 2008 7:05 AM
To: [email protected]
Subject: Re: [Syslog] Syslog-sign: 6.2. Flexibility

Alexander Clemm (alex) wrote:
> to clarify what you are suggesting - are you suggesting to strike 
> section 6.2 and change the title of 6 to "Redundancy"?  I think the 
> entire section is in essence informational; per se I would have no 
> issues taking it out.

Yes.

> Now, regarding question 2:  I am not clear about what you are asking.
> How a signature group is defined is ultimately up to an administrator 
> (specifically if SG fields are 2 or 3).  It is probably not a good 
> idea to change these on the fly, although it probably does not need to 
> be prohibited.  Should this issue be discussed in a separate statement 
> somewhere?  (Basically, it would state something along the lines that 
> while it is possible to change how Signature Groups are configured, 
> administrators need to be aware of the implications.)

Of course every change will require a new reboot session and the sending of new 
Certificate Blocks, so the receiver/verifier will be able to notice.
Given that, I do not see a difference between a config change "on the fly" and 
restarting the server/daemon with the new configuration.

> The statement at the end of 6.2 states that it is legitimate for an 
> originator to send short Signature Blocks to allow the collector to 
> verify messages quickly (and not have to wait until a Signature Block 
> is "filled up").  Precisely because the blocks are variable in length 
> this is possible.  So, I am not clear what the issue would be with 
> that statement?

It is no big deal.
I just found it irritating and wondered if there were also long blocks.
Maybe it would be better to add a remark to section 4 (Signature Blocks) 
stating that the originator is free to decide when to send Signature Blocks, 
how many hashes they contain and if/how he adds redundancy.

--
Martin
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog