Re: [Syslog] transport-tls-11 review

2008-01-11 Thread tom.petch
TED]>; "'Rainer Gerhards'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, January 10, 2008 12:00 AM Subject: RE: [Syslog] transport-tls-11 review > > Thanks for your comments! Response inline. > > > -Original Message- > > From: t

Re: [Syslog] transport-tls-11 review

2008-01-10 Thread Richard Graveman
> > > > > 5.2. Cipher Suites > > > > Operators MAY choose to disable older/weaker cipher > > suites for TLS > >despite the tradeoff of interoperability, for example, if > > the cipher > >suite specified in the specification is found weak in the future. > > > > **suggest > > > > Op

RE: [Syslog] transport-tls-11 review

2008-01-09 Thread Miao Fuyou
Thanks for your comments! Response inline. > -Original Message- > From: tom.petch [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 28, 2007 9:13 AM > To: Miao Fuyou; 'Rainer Gerhards'; [EMAIL PROTECTED] > Subject: Re: [Syslog

Re: [Syslog] transport-tls-11 review

2007-11-30 Thread tom.petch
'" <[EMAIL PROTECTED]>; "syslog" <[EMAIL PROTECTED]> Sent: Friday, November 30, 2007 12:18 PM Subject: Re: [Syslog] transport-tls-11 review > On Fri, Nov 30, 2007 at 11:13:04AM +0100, tom.petch wrote: > > > Also, there are forms of TLS with authenticatio

Re: [Syslog] transport-tls-11 review

2007-11-30 Thread Juergen Schoenwaelder
On Fri, Nov 30, 2007 at 11:13:04AM +0100, tom.petch wrote: > Also, there are forms of TLS with authentication where no > certificates are required and we should cater for those; they may > become - I hope - quite widespread. Can you be more concrete what you have in mind? /js -- Juergen Schoe

Re: [Syslog] transport-tls-11 review

2007-11-30 Thread tom.petch
- Original Message - From: "David Harrington" <[EMAIL PROTECTED]> To: "'tom.petch'" <[EMAIL PROTECTED]>; "'Miao Fuyou'" <[EMAIL PROTECTED]>; "'Rainer Gerhards'" <[EMAIL PROTECTED]>; <[EMAIL PRO

RE: [Syslog] transport-tls-11 review

2007-11-28 Thread David Harrington
dbh > -Original Message- > From: tom.petch [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 28, 2007 12:13 PM > To: Miao Fuyou; 'Rainer Gerhards'; [EMAIL PROTECTED] > Subject: Re: [Syslog] transport-tls-11 review > > > > > > > > === > >

Re: [Syslog] transport-tls-11 review

2007-11-28 Thread tom.petch
> > > > === > > The server MUST be implemented to support certificate and certificate > >generation, > > === > > > > I do not think it is a MUST that a server must contain code > > to generate certificates. This should be left to the > > implementation. There is already the requirement to use

RE: [Syslog] transport-tls-11 review

2007-11-27 Thread Rainer Gerhards
Hi Miao, a few comments, rest snipped... > > Section 1.1: shouldn't it simply refer to -protocol for terms > > defined there? I think it makes it more consistent. > > Agree, so we should only leave "TLS client" and "TLS server" to be > defined in > Syslog/TLS draft, right? That is my suggestion.

RE: [Syslog] transport-tls-11 review

2007-11-27 Thread Miao Fuyou
Hi Rainer, Thanks for our comments, in-line, Regards, Miao > -Original Message- > From: Rainer Gerhards [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 21, 2007 12:24 AM > To: [EMAIL PROTECTED] > Subject: [Syslog] transport-tls-11 review > > Hi all, >

[Syslog] transport-tls-11 review

2007-11-21 Thread Rainer Gerhards
Hi all, I reviewed tls-11 today. Some notes: Section 1.1: shouldn't it simply refer to -protocol for terms defined there? I think it makes it more consistent. Section 4.2: === Authentication in this specification means that the recipient of a certificate must actually validate the cert