Hi Rainer,
I'm still not seeing too many responses about how TLS is authenticated.
Only Baszi has said that full X.509 certificates should be used - similar
to how they are used in stunnel. Is this acceptable to the WG? Should
the WG also consider using PSKs as proposed in RFC 4279?
Having authenticated TLS will address many of the threats described in RFC
3164. Is this how the Working Group wants to proceed? I'd like to hear
from more people on this.
Thanks,
Chris
On Wed, 18 Jan 2006, Rainer Gerhards wrote:
Chris,
I have not heard back from anyone about how SSL is currently being
implemented for syslog. From that, I might conclude that message
confidentiality is not a priority for the community.
(Responses to that
would be welcome.)
I thought that these postings pointed out what is done:
http://www.mail-archive.com/syslog%40lists.ietf.org/msg00421.html
http://www.mail-archive.com/syslog%40lists.ietf.org/msg00420.html
http://www.mail-archive.com/syslog%40lists.ietf.org/msg00432.html
http://www.mail-archive.com/syslog%40lists.ietf.org/msg00411.html
You might also want to review some of these documents:
http://www.stunnel.org/examples/syslog-ng.html
http://freshmeat.net/articles/view/1781/
Rainer
_______________________________________________
Syslog mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/syslog
