Alexander Clemm wrote: > I don't see anything that would prohibit sliding windows? Then > again, I don't see it mentioned particularly. Would probably not > hurt to mention it explicitly. Perhaps some text in section 4.2.5, > in conjunction with discussion of First Message Number? Similarly, > in section 7.1, when describing the algorithm, can include something > along the line that we need to maintain a cursor, indicating the > highest message number that was processed so far, and if the > subsequent Signature Block message has a smaller FMN, we "skip > forward" accordingly.
The step "Skip all other Signature Blocks with the same First Message Number" in the algorithm doesn't work well with overlap. For example, a sliding-window implementation with rule "send signature block after every 5 messages, and include at most 15 hashes in one block" would, after rebooting, send signature blocks FMN="1" CNT="5" FMN="1" CNT="10" FMN="1" CNT="15" FMN="6" CNT="15" FMN="11" CNT="15" ...where skipping the second and third signature block isn't the correct behavior. Best regards, Pasi _______________________________________________ Syslog mailing list [email protected] https://www.ietf.org/mailman/listinfo/syslog
