Just for the record: I am also satisfied with this wording.

Rainer

> -----Original Message-----
> From: David Harrington [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 28, 2006 6:46 AM
> To: 'Miao Fuyou'; Rainer Gerhards; [EMAIL PROTECTED]
> Subject: RE: [Syslog] Updated Syslog-tls Document
>
> That wording satisfies me.
>
> dbh
>
> > -----Original Message-----
> > From: Miao Fuyou [mailto:[EMAIL PROTECTED]
> > Sent: Monday, November 27, 2006 9:07 PM
> > To: 'David Harrington'; 'Rainer Gerhards'; [EMAIL PROTECTED]
> > Subject: RE: [Syslog] Updated Syslog-tls Document
> >
> > I am changing the sentence to:
> >
> > "For the deployment where confidentiality is a concern, receiver
> > authentication is required for sender/relay to make sure it is
> > talking to the right peer. It is up to the operator to decide
> > whether confidentiality is a concern for a specific deployment."
> >
> > This sentence serves as a tip for deployer rather than something
> > about on-the-wire protocol.
> >
> > Thanks,
> > Miao
> >
> > > -----Original Message-----
> > > From: David Harrington [mailto:[EMAIL PROTECTED]
> > > Sent: Tuesday, November 28, 2006 8:27 AM
> > > To: 'Rainer Gerhards'; 'Miao Fuyou'; [EMAIL PROTECTED]
> > > Subject: RE: [Syslog] Updated Syslog-tls Document
> > >
> > > > -----Original Message-----
> > > > From: Rainer Gerhards [mailto:[EMAIL PROTECTED]
> > > > Sent: Thursday, November 23, 2006 2:48 AM
> > > > To: Miao Fuyou; [EMAIL PROTECTED]
> > > > Subject: RE: [Syslog] Updated Syslog-tls Document
> > > >
> > > > > > -------------------------------------
> > > > > > 5.1
> > > > > >
> > > > > > ==
> > > > > > When confidentiality is a concern, a sender/relay MUST
> > > > > > authenticate the receiver to make sure it is talking to
> > > > > > the right peer.
> > > > > > ==
> > > > > >
> > > > > > I do not find the MUST is appropriate here: "when
> > > > > > confidentiality is a concern" is not a hard fact. What
> > > > > > does it mean? When MUST I implement authentication? Is my
> > > > > > implementation not compliant to this doc if I have the
> > > > > > wrong understanding of "when confidentiality is a
> > > > > > concern". Or MUST I always implement it, because
> > > > > > confidentiality is probably very often a concern?
> > > > > >
> > > > > > I think this is an operator-issue not to be dealt with in
> > > > > > the protocol. I suggest dropping this sentence or at least
> > > > > > spell MUST in lower case.
> > > > >
> > > > > Probably lower case. The point is confidentiality is
> > > > > meaningless without authentication.
> > > >
> > > > Well... maybe it is just a wording issue. Are we actually
> > > > REQUIRING a sender to authenticate the receiver in all cases?
> > > > If so, we should state that. My impression so far is that this
> > > > is something that is optional and at the discretion of the
> > > > sender or the operator configuring it. If so, we should state
> > > > that clearly too. As an implementor, I am unsure what to do if
> > > > I use the above text as a guideline.
> > >
> > > Standards do not typically require an operator to use the
> > > technology in a specific manner; Standards do typically require
> > > implementers to implement in a way so that operators CAN
> > > configure the technology in the preferred (interoperable)
> > > manner.
> > >
> > > MUST is used when the on-the-wire format/information/etc. must
> > > be interoperable for the protocol to work properly.
> > >
> > > I do not like seeing "must" in a document; either it deserves to
> > > be a MUST, i.e. it impacts on-the-wire interoperability, or it
> > > is an implementation/usage decision and we should not mandate
> > > it. If you use a lower case "must", then you'll need to convince
> > > me as co-chair that the usage is justified before I send it to
> > > the IESG.
> > >
> > > Dbh

_______________________________________________
Syslog mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/syslog
