Hi Bazsi,

On Thu, 7 Sep 2006, Balazs Scheidler wrote:

On Thu, 2006-09-07 at 17:17 +0800, Miao Fuyou wrote:
Starting from TCP and then upgrading to tls is quite different to current
tls transport mapping document. If we decide to do UPGRADING, we may first
need a TCP transport mapping for Syslog, and then define a specific string
to indicate the other side to upgrade to TLS. We currently assume Syslog has
an IANA-allocated port for tls transport mapping, we may not need such
complexity on upgrading.

FYI, HTTP has two tls mechanisms: RFC2818 (standards track) is similar to
this draft, RFC2817(Informational) is on upgrading.

We clearly stated in our charter that we won't define a plain TCP
version (although I personally disagree).

I think that we have discussed this before; you are free to write your own ID on this. I know that others support this so you should be able to find people to help.


A simple capability negotiation can be useful for reasons beyond TLS
upgrade, like an optional support for Application Layer
acknowledgements.

I fear that if we start going down that path we will reinvent RFC 3195.

We need to continue addressing simplex syslog with syslog-transport-tls. We can address capabilities exchange either in 3195bis or it can be looked into in a future revision of syslog/tls (yet another good reason for a version field). If you get a lot of people doing syslog/tcp with a capabilities exchange mechanism then it should be simple to put that into a subsequent version of syslog-transport-tls.

Thanks,
Chris

_______________________________________________
Syslog mailing list
https://www1.ietf.org/mailman/listinfo/syslog
