I agree with Darren.

Rainer

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Darren Reed
> Sent: Friday, January 20, 2006 3:07 PM
> To: Chris Lonvick
> Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [Syslog] Re: Threat model and charter
>
> Chris,
>
> > I'm still not seeing too many responses about how TLS is authenticated.
> > Only Baszi has said that full X.509 certificates should be used - similar
> > to how they are used in stunnel. Is this acceptable to the WG? Should
> > the WG also consider using PSKs as proposed in RFC 4279?
> >
> > Having authenticated TLS will address many of the threats described in RFC
> > 3164. Is this how the Working Group wants to proceed? I'd like to hear
> > from more people on this.
>
> I think supporting TLS and all of its authentication options is what
> we should do in our documentation. Or to put it another way, we
> shouldn't worry ourselves with restricting use of TLS to a particular
> authentication model, be it PSK or X.509 or something else.
>
> What we should be doing is letting systems people use whatever they
> feel comfortable with and are already deploying...which makes me
> think, we need to be saying "authentication style(s) X must be included",
> to set a minimum level of interoperability between all implementations.
>
> I believe that minimum level should be PSK as anything certificate
> orientated can quickly become complicated, not just for management
> but initial use.
>
> So to express this in RFC terms, TLS PSK MUST be supported,
> TLS .... SHOULD be supported, TLS ......
>
> Darren
>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www1.ietf.org/mailman/listinfo/syslog
