Re: [Syslog] Syslog-sign -protocol
Hi All, On Sun, 13 Aug 2006, Rainer Gerhards wrote: Hi, A general comment: syslog-sign is still based on rfc 3164 and has ist own format definitions. It needs to be edited to utilize the new work in syslog-protocol. It should now use structured data for ist signature blocks. Alex has moved much of it to be conformant with syslog-protocol. The work that needs to be addressed (as I see it :) For the Signature Block, should the payload of signatures be part of the ssign SD-ID, or should it be the payload (behind the BOM)? Right now, it is part of the SD-ID. Similarly, about the ssign-cert and it's payload. I think it likely that the Payload Block can be placed within a single Certificate Block based upon our discussions of the max length. The document needs to define how to use @enterpriseID in some cases. Section 8.2 - the length is no longer limited to 1024B. Section 9 - Cookie Fields are no longer used. The IANA section also needs to specify which SD-IDs and SD-Params should be registered. Should other SD-IDs be included with ssign and ssign-cert SD-IDs? (I think so as that's how we include information about time accuracy, etc.) Thanks, Chris ___ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
RE: [Syslog] Syslog-sign -protocol
Hi, When can we get an updated revision of syslog-sign? Our current timeline calls for starting WGLC Aug 28. The changes sound sufficiently large that we should definitely try to review the changes before we start a last call on the document. David Harrington [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] co-chair, Syslog WG -Original Message- From: Chris Lonvick [mailto:[EMAIL PROTECTED] Sent: Monday, August 14, 2006 10:33 AM To: Rainer Gerhards Cc: [EMAIL PROTECTED] Subject: Re: [Syslog] Syslog-sign -protocol Hi All, On Sun, 13 Aug 2006, Rainer Gerhards wrote: Hi, A general comment: syslog-sign is still based on rfc 3164 and has ist own format definitions. It needs to be edited to utilize the new work in syslog-protocol. It should now use structured data for ist signature blocks. Alex has moved much of it to be conformant with syslog-protocol. The work that needs to be addressed (as I see it :) For the Signature Block, should the payload of signatures be part of the ssign SD-ID, or should it be the payload (behind the BOM)? Right now, it is part of the SD-ID. Similarly, about the ssign-cert and it's payload. I think it likely that the Payload Block can be placed within a single Certificate Block based upon our discussions of the max length. The document needs to define how to use @enterpriseID in some cases. Section 8.2 - the length is no longer limited to 1024B. Section 9 - Cookie Fields are no longer used. The IANA section also needs to specify which SD-IDs and SD-Params should be registered. Should other SD-IDs be included with ssign and ssign-cert SD-IDs? (I think so as that's how we include information about time accuracy, etc.) Thanks, Chris ___ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog ___ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
RE: [Syslog] Syslog-sign -protocol
Chris, Sorry, I obviously had a previous copy cached... I've just downloaded a fresh one and started re-reading it. As you say, it already is adapted to syslog-protocol. Let me raise one point without being completely through with it: -sign now supports RFC 3164, 3195 and -protocol format. I see value in that approach (works for each and everything). On the other hand, it may introduce additional complexity, even on the operator side (configuration). Given the fact that -sign code needs to be written from scratch, wouldn't it make sense to limit it to just -protocol format? Rainer -Original Message- From: Chris Lonvick [mailto:[EMAIL PROTECTED] Sent: Monday, August 14, 2006 8:33 AM To: Rainer Gerhards Cc: [EMAIL PROTECTED] Subject: Re: [Syslog] Syslog-sign -protocol Hi All, On Sun, 13 Aug 2006, Rainer Gerhards wrote: Hi, A general comment: syslog-sign is still based on rfc 3164 and has ist own format definitions. It needs to be edited to utilize the new work in syslog-protocol. It should now use structured data for ist signature blocks. Alex has moved much of it to be conformant with syslog-protocol. The work that needs to be addressed (as I see it :) For the Signature Block, should the payload of signatures be part of the ssign SD-ID, or should it be the payload (behind the BOM)? Right now, it is part of the SD-ID. Similarly, about the ssign-cert and it's payload. I think it likely that the Payload Block can be placed within a single Certificate Block based upon our discussions of the max length. The document needs to define how to use @enterpriseID in some cases. Section 8.2 - the length is no longer limited to 1024B. Section 9 - Cookie Fields are no longer used. The IANA section also needs to specify which SD-IDs and SD-Params should be registered. Should other SD-IDs be included with ssign and ssign-cert SD-IDs? (I think so as that's how we include information about time accuracy, etc.) Thanks, Chris ___ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog
[Syslog] Syslog-sign -protocol
Hi, A general comment: syslog-sign is still based on rfc 3164 and has ist own format definitions. It needs to be edited to utilize the new work in syslog-protocol. It should now use structured data for ist signature blocks. rainer ___ Syslog mailing list Syslog@lists.ietf.org https://www1.ietf.org/mailman/listinfo/syslog