inline > -----Original Message----- > From: Anton Okmianski (aokmians) [mailto:[EMAIL PROTECTED] > Sent: Friday, February 24, 2006 1:20 PM > To: Miao Fuyou > Cc: [EMAIL PROTECTED] > Subject: RE: [Syslog] Coming to consensus on syslog threats > > > Miao: > > > I thinks it is good that all TCP/TLS clients in the same > host (device, > > relay or collector) share same client cert. > > It depends on what you want to authenticate. I would mandate > a tie of client identity to identity of the host. > > > My > > further suggestion > > is to resuse > > tls session for all clients in same host. > > While a valid use-case, we cannot mandate a central syslog > agent on host which all clients must use. Each application > should be allowed to function as independent an syslog client IMO. >
Actually the exact meaning is to reuse the security parameters of a earlier session or current active session. > > But, I don't think > > the certs can be generic to different hosts, it will weaken > > the security of > > TLS. > > There are legitimate use-case for that. It depends on what > you want to authenticate. For example, if I want to allow > access to my server to all applications of type X which all > share the same certificate even thought they are on different > hosts. In this case, I am authenticating the application > type, not specific client or host. > > Anton. > _______________________________________________ Syslog mailing list [email protected] https://www1.ietf.org/mailman/listinfo/syslog
