----- Original Message -----
From: "Miao Fuyou" <[EMAIL PROTECTED]>
To: "'tom.petch'" <[EMAIL PROTECTED]>; "'David Harrington'" <[EMAIL PROTECTED]>; "'Balazs Scheidler'" <[EMAIL PROTECTED]>; "'Chris Lonvick'" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, September 20, 2006 4:36 AM
Subject: RE: protocol was Re: version field in syslog-tls - was: RE: [Syslog] WorkingGroupLastCall: syslog-tls document

> Comments inline.
>
> > Not yet; I do not yet see one obvious right action to text.
> > Rather I see
> > choices:-
> > a) receiver terminates session unilaterally; currently this
> > is only allowed after an 'idle timeout' and closure alert.
> > 'protocol_version' alert would seem appropriate; do the TLS
> > stacks allow syslog to generate this?
> >
>
> "protocol_version" is only for TLS version, it may not be inappropriate to
> indicate unsupporting application protocol version, it also may invoke
> another TLS handshaking.
>
> I checked "user_canceled" alert, TLS suggests (not strongly) that it can
> only be permitted during TLS handshaking, not after handshaking. Another
> option is to use "internal_error" alert, it is not very proper to meet this
> requirement. I tend to use "user_canceled" to indicate that the server does
> not support the version. OpenSSL has a function ssl3_send_alert() to serve
> this purpose.
>

I agree; TLS alerts are attractive but seem to lack a user extension which
allows TLS applications to specify their own, context-specific ones, so using
one of them is a fudge.

Alternatively, creating our own application level 'ok' or 'not ok' seems more
alien to syslog; I await any other suggestions.

Tom Petch

> > b) receiver returns syslog text message 'not ok' which rather
> > implies a message 'ok' when it is, all of which is alien to
> > this simplex application.
> >
> > c) receiver terminates session. simple, but likely to cause
> > the sender to keep retrying for a while.
> >
> > Thoughts?
> >
> > Tom Petch
> >

_______________________________________________
Syslog mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/syslog
