Joe, I am implementing fingerprint authentication. I have some trouble understanding this text:
===
Both client and server implementations MUST make the certificate fingerprint available through a management interface. If no other certificate is configured, both client and server implementations MUST support generating a key pair and self-signed certificate.
===

Especially the "If no other certificate is configured..." part puzzles me. Does that mean that if no certificate is configured, the syslogd is responsible for generating a self-signed certificate automatically? If so, I have concerns whether that is the right thing to do. I think certificates should always be generated by an operator.

Or does it mean that there must be a management interface to generate self-signed certificates? If so, I assume that this management interface may reside outside of the core syslogd. In rsyslog, I will provide some tools to generate self-signed certificates and obtain the fingerprints (you may want to look at the rough prototypes if I have not made myself clear enough: http://git.adiscon.com/?p=rsyslog.git;a=tree;f=tools/gnutls;h=1abb246805546ebd2f1f008a3cf256d5c76b7cbc;hb=HEAD ).

Rainer
