2002-12-17-13:42:38 Marshall Rose:
> Bennett Todd:
> > [ use SSL for auth and encryption ]
>
> and this works great, right until someone decides they have a requirement for a
> security technology not met by ssl, at which point it's fatal.

Well, it's fatal, or else it's not.

If an additional function, not currently provided by SSL, should
turn out to be needed, careful design would be required; and if
there's any chance that that function might be useful to other
services _besides_ simple logging, it'd be nicer to add it to some
future release of TLS, rather than restricting it to one particular
passenger app.

> there's 20 years of experience in designing application protocols
> that says you want to make stuff like this negotiable. just
> picking one (and having an option to turn it on or off) lacks
> durability...

SSL itself has an elaborate negotiation phase.

And if it should turn out to be desirable to add some new function
that really must be in the payload rather than the transport,
negotiate it by extending the payload format. At the moment we've
got two possibilities on the plate. Syslog Classic records start
with [ADFJMNOS]; the proposal on the table would add the possibility
of [0-9] for ISO 8601 / RFC 3339 timestamps; if some other funky
payload variant were needed, we'd just need to start 'em with some
other character.

-Bennett
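
The first-character dispatch described in the message above, sketched as an added example (not part of the original message, and not code from any syslog implementation). It assumes records arrive without a `<PRI>` prefix, as the message describes them; the names `classify` and `parse` are hypothetical and the sample records are constructed. A receiver written this way rejects an unknown lead character instead of guessing a format.

```python
import re
from datetime import datetime

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
# Classic stamp: "Mmm dd hh:mm:ss", day space-padded ("Dec  7").
CLASSIC = re.compile(r"([A-Z][a-z]{2}) ([ \d]\d) (\d\d):(\d\d):(\d\d) (.*)", re.S)
# RFC 3339 stamp: date, "T", time, optional fraction, "Z" or numeric offset.
RFC3339 = re.compile(
    r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d) (.*)", re.S)


def classify(record):
    """Select the payload variant from the first character alone."""
    lead = record[:1]
    if lead and lead in "ADFJMNOS":      # initials of the month names
        return "classic"
    if lead and lead in "0123456789":    # a year opens an RFC 3339 stamp
        return "rfc3339"
    return "unknown"


def parse(record):
    """Parse one record; raise ValueError instead of guessing a format."""
    kind = classify(record)
    if kind == "classic":
        m = CLASSIC.match(record)
        if not m or m.group(1) not in MONTHS:
            raise ValueError("malformed classic timestamp")
        mon, day, hh, mm, ss, msg = m.groups()
        stamp = (MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
        if not (1 <= stamp[1] <= 31 and stamp[2] < 24 and stamp[3] < 60 and stamp[4] < 61):
            raise ValueError("classic timestamp out of range")
        return {"variant": kind, "timestamp": stamp, "message": msg}
    if kind == "rfc3339":
        m = RFC3339.match(record)
        if not m:
            raise ValueError("malformed RFC 3339 timestamp")
        datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")  # range check
        stamp = m.group(1) + (m.group(2) or "") + m.group(3)
        return {"variant": kind, "timestamp": stamp, "message": m.group(4)}
    raise ValueError("unrecognised payload variant: %r" % record[:1])


if __name__ == "__main__":
    # Constructed sample records, not taken from the original message.
    for rec in ("Dec 17 13:42:38 host su: session opened",
                "2002-12-17T13:42:38-05:00 host su: session opened"):
        print(parse(rec))
```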
