Hi,

As everyone should recall from Section 4.8 ("Hash Block") from
syslog-sign,

   The hash block is a block of hashes, each separately encoded in base
   64. Each hash in the hash block is the hash of the entire syslog
   message represented by the hash. The hashing algorithm used
   effectively specified by the Version field determines the size of
   each hash, but the size MUST NOT be shorter than 160 bits. It is
   base 64 encoded as per RFC 2045.

We should come to agreement on the definition of the "entire syslog
message". I believe (but I'm willing to open this to debate on the list)
that the "entire syslog message" is what is described in syslog-protocol.
This excludes the transport parts that are described in
syslog-transport-udp and syslog-transport-tls (like the byte-counter), and
will exclude any other parts that may be defined in future transports.

Specifically for syslog-protocol, the hash value will be the result of the
hashing algorithm run across the payload starting with "<" and ending with
the BOM.

If no one disagrees with this, then I'll ask Alex to get it into the next
version of syslog-sign. Can anyone propose similar language for how to
deal with 3164-style messages?

Thanks,
Chris
_______________________________________________
Syslog mailing list
https://www1.ietf.org/mailman/listinfo/syslog
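
Added example (not part of the original message or of syslog-sign): Python code that applies the rule proposed above, hashing only the syslog-protocol message after a stream transport's byte-counter has been removed, so the same message gives the same hash block entry over UDP and TLS. The "LEN SP MSG" framing, the function names, the SHA-256 default and the space separator are assumptions; the sample message is constructed.

```python
import base64
import hashlib

MIN_HASH_BITS = 160  # floor quoted from Section 4.8 of syslog-sign


def strip_octet_count(frame: bytes) -> bytes:
    """Remove a byte-counter prefix (assumed framing: decimal length, space, message)."""
    length, sep, msg = frame.partition(b" ")
    if not sep or not length.isdigit():
        raise ValueError("no byte-counter prefix found")
    if int(length) != len(msg):
        raise ValueError("byte-counter does not match message length")
    return msg


def hash_block_entry(msg: bytes, algo: str = "sha256") -> str:
    """Hash one entire syslog message and return its base64 hash block entry."""
    if not msg.startswith(b"<"):
        raise ValueError("input must start at the '<' of PRI; strip transport framing first")
    digest = hashlib.new(algo, msg).digest()
    if len(digest) * 8 < MIN_HASH_BITS:
        raise ValueError(f"{algo} yields {len(digest) * 8} bits, below {MIN_HASH_BITS}")
    return base64.b64encode(digest).decode("ascii")


def hash_block(messages, algo: str = "sha256") -> str:
    """Join per-message entries (space separator is an assumption of this example)."""
    return " ".join(hash_block_entry(m, algo) for m in messages)


# Constructed sample message in syslog-protocol format.
MSG = (
    "<34>1 2003-10-11T22:14:15.003Z mymachine.example.com su - ID47 - "
    "\ufeff'su root' failed for lonvick on /dev/pts/8"
).encode("utf-8")
UDP_DATAGRAM = MSG                                        # datagram carries the message as-is
TLS_FRAME = str(len(MSG)).encode("ascii") + b" " + MSG    # same message behind a byte-counter

if __name__ == "__main__":
    same = hash_block_entry(UDP_DATAGRAM) == hash_block_entry(strip_octet_count(TLS_FRAME))
    print("transport-independent hash:", same)
    print(hash_block([UDP_DATAGRAM, strip_octet_count(TLS_FRAME)]))
```

A verifier that hashed the framed bytes instead would never match the signer's entry, which is why the check on the leading "<" rejects input that still carries the byte-counter.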