On Wed, 2006-01-18 at 06:24 -0800, Chris Lonvick wrote: > Hi Rainer, > > I'm still not seeing too many responses about how TLS is authenticated. > Only Baszi has said that full X.509 certificates should be used - similar > to how they are used in stunnel. Is this acceptable to the WG? Should > the WG also consider using PSKs as proposed in RFC 4279? > > Having authenticated TLS will address many of the threats described in RFC > 3164. Is this how the Working Group wants to proceed? I'd like to hear > from more people on this.
Maybe I was not completely clear. I think we should go the TLS route and let the operator decide whether he wants authenticated or unauthenticated TLS (or asymmetric authentication, e.g. the server is authenticated but the client is not just like in HTTPS) So I fully agree with Rainer on this one. -- Bazsi _______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
