Alexander Clemm wrote:
> The most important issue concerned the issue of having multiple
> signers. After some contemplating, I decided that this can be
> resolved quite simply by clarifying that the combination of APP-NAME
> and PROCID refers to a unique signer (no, I didn't introduce it as a
> new term, it's still originator), and needs to be consistent between
> Certificate Block and Signature Block messages. If multiple
> originators are used, they each in effect have their own "scope" -
> they each have their own Payload Block and Signature Blocks etc.
>
> The algorithm in section 7 can stay the same, but I added some
> clarification also there about how to identify/distinguish between
> different originators, and the fact that consistency between
> Certificate Block and Signature Block messages with regards to the
> originator needs to be checked.
Hmmm... the major challenge in -25 was that although Payload/Signature Block
identify the originator (HOSTNAME, APP-NAME, PROCID), normal syslog messages
do not. So it seems you cannot separate the stored log files by originator
and process the parts one by one. If I understand you right, you're saying
Section 7 does *not* in fact assume that you can separate the normal syslog
messages by originator?

BTW, version -26 is still silent about whether a single originator can sign
the same set of messages using different algorithms (VER), and if it can,
whether these are the same Signature Groups (with the same message number
space) or different. What's your proposal for addressing this -- or do you
think signing using multiple algorithms doesn't have to be supported?

Best regards,
Pasi

_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
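The per-originator "scope" and the Certificate Block / Signature Block consistency check that Alexander describes above can be exercised with a small verifier-side script. The following is an added example, not code from the thread or from the syslog-sign draft: it parses the RFC 5424 header of each stored message, keys every message on the (HOSTNAME, APP-NAME, PROCID) tuple, and reports originators that emitted Signature Blocks without a matching Certificate Block. The structured-data IDs `ssign-cert` and `ssign`, their parameters, and the sample log lines are all constructed assumptions made for this example, not the draft's normative encoding.

```python
import re
from collections import defaultdict

# RFC 5424 header layout:
#   <PRI>VERSION SP TIMESTAMP SP HOSTNAME SP APP-NAME SP PROCID SP MSGID SP [SD] MSG
# Only the fields needed to identify an originator are captured; everything
# after MSGID is kept as "rest" so the block type can be inspected.
HEADER_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) (?P<rest>.*)$'
)

# Assumed SD-IDs for the two block types (hypothetical names for this example).
CERT_SDID = "ssign-cert"
SIG_SDID = "ssign"


def originator(line):
    """Return the (HOSTNAME, APP-NAME, PROCID) tuple that identifies a signer."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    return (m["host"], m["app"], m["procid"])


def block_kind(line):
    """Classify a message as 'cert', 'sig', or a plain 'msg'.

    The longer SD-ID is tested first so 'ssign-cert' is not mistaken for 'ssign'.
    """
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    rest = m["rest"]
    if rest.startswith("[" + CERT_SDID + " "):
        return "cert"
    if rest.startswith("[" + SIG_SDID + " "):
        return "sig"
    return "msg"


def scope_report(lines):
    """Group messages by originator and flag signers with no Certificate Block.

    Returns (counts, missing_cert) where counts maps each originator tuple to
    {'cert': n, 'sig': n, 'msg': n} and missing_cert lists originators that
    produced Signature Blocks but never a Certificate Block, i.e. a scope whose
    Signature Blocks cannot be tied to any signing key.
    """
    counts = defaultdict(lambda: {"cert": 0, "sig": 0, "msg": 0})
    for line in lines:
        counts[originator(line)][block_kind(line)] += 1
    missing_cert = sorted(
        o for o, c in counts.items() if c["sig"] > 0 and c["cert"] == 0
    )
    return dict(counts), missing_cert


# Constructed sample log: two signer scopes on host1, one of which never sent
# a Certificate Block, plus one ordinary (unsigned-looking) application message.
SAMPLE_LOG = [
    '<110>1 2009-05-01T10:00:00Z host1 sysd 100 - [ssign-cert VER="0111"] -',
    '<110>1 2009-05-01T10:00:01Z host1 app 4711 - - normal message',
    '<110>1 2009-05-01T10:00:02Z host1 sysd 100 - [ssign VER="0111"] -',
    '<110>1 2009-05-01T10:00:03Z host1 sysd 200 - [ssign VER="0111"] -',
]

if __name__ == "__main__":
    counts, missing = scope_report(SAMPLE_LOG)
    for orig_tuple, c in sorted(counts.items()):
        print(orig_tuple, c)
    print("signature blocks without a certificate block:", missing)
```

Run against a stored log, the report makes Alexander's per-originator scopes explicit: each distinct tuple is one scope, and a scope whose Signature Blocks arrive without a Certificate Block is exactly the inconsistency his clarification says must be checked. It does not settle Pasi's question, since the grouping only works for messages whose header tuple is the signer's own.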
