Hi Rainer,

I'm also seeing the list behave slowly.  I don't think that I saw any 
message like that.  Can you check the archive and let us know if it's in 
there?

Thanks,
Chris

On Fri, 9 May 2008, Rainer Gerhards wrote:

> Joe and Chris,
>
> the mailing list processor seems to be a bit slow these days. I sent a
> long note this morning telling that I see value in automatically
> generated self-signed certs. That mail also outlines when and why.
>
> Please let me know if you did not receive it.
>
> Thanks,
> Rainer
>
>> -----Original Message-----
>> From: Joseph Salowey (jsalowey) [mailto:[EMAIL PROTECTED]
>> Sent: Friday, May 09, 2008 6:40 PM
>> To: Rainer Gerhards
>> Cc: [email protected]
>> Subject: RE: -transport-tls-12, section 4.2.3 (fingerprints)
>>
>>
>> <snip>
>>>> [Joe] I don't know that we need to restrict this to a particular
>>>> implementation.  I think it would be good to provide a management
>>>> interface to do the generation.  It seems that it would be an
>>>> acceptable implementation to auto-generate it as well.
>>>
>>> [Rainer] As long as the syslogd is not required to
>>> auto-generate certs, I am happy enough ;)
>>>
>>> However, I wonder why it would be useful to auto-generate certs.
>>> Probably I am overlooking something obvious. But: isn't cert
>>> auto-generation equal to no authentication? After all, if a
>>> *self-signed* cert is generated by the remote peer AND we
>>> accept it, doesn't that essentially mean we accept any peer
>>> because the peer can put whatever it likes into the cert? I
>>> do not see why this is any better than having no cert at all...
>>>
>> [Joe] When I was thinking of auto-generation I was expecting the
>> certificate to be persistent and the fingerprint would be available to
>> be communicated out of band to the verifier.  If you generate a new cert
>> each time the process starts and the other side does not know the
>> fingerprint then what you say is true.
>>
>>> Rainer
>>>
> _______________________________________________
> Syslog mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/syslog
>
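The distinction drawn in the quoted exchange (a persistent self-signed certificate whose fingerprint reaches the verifier out of band, versus one regenerated at every start) can be shown with a small verifier-side check. This is an added example, not part of the thread or of any syslog implementation; the "label:HH:HH:..." fingerprint notation, the function names and the certificate byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Assumed notation for a configured fingerprint: "<hash-label>:HH:HH:...".
HASHES = {"sha-1": hashlib.sha1, "sha-256": hashlib.sha256}

# Constructed stand-ins for DER-encoded self-signed certs (not real X.509);
# only the exact bytes matter to the fingerprint.
PERSISTENT_CERT = b"constructed cert: generated once, kept on disk"
REGENERATED_CERT = b"constructed cert: generated again at restart"
UNKNOWN_PEER_CERT = b"constructed cert: self-signed by an unknown peer"


def fingerprint(cert_der: bytes, label: str = "sha-256") -> str:
    """Fingerprint of the certificate bytes as 'label:HH:HH:...'."""
    digest = HASHES[label](cert_der).hexdigest().upper()
    pairs = [digest[i:i + 2] for i in range(0, len(digest), 2)]
    return label + ":" + ":".join(pairs)


def peer_is_pinned(cert_der: bytes, pins) -> bool:
    """True only if the cert matches a fingerprint configured out of band."""
    matched = False
    for pin in pins:
        pin = pin.strip()
        label = pin.partition(":")[0].lower()
        if label not in HASHES:
            continue  # unknown hash label never counts as a match
        have = fingerprint(cert_der, label).upper().encode()
        want = pin.upper().encode()
        matched |= hmac.compare_digest(have, want)
    return matched


def demo() -> dict:
    # The operator copied this value to the verifier out of band, once.
    pins = {fingerprint(PERSISTENT_CERT)}
    return {
        "persistent cert": peer_is_pinned(PERSISTENT_CERT, pins),
        "regenerated at restart": peer_is_pinned(REGENERATED_CERT, pins),
        "unknown self-signed peer": peer_is_pinned(UNKNOWN_PEER_CERT, pins),
        "no fingerprint configured": peer_is_pinned(UNKNOWN_PEER_CERT, set()),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accept' if accepted else 'reject'}")
```

Only the persistent certificate is accepted; a certificate regenerated at restart is indistinguishable from an unknown peer's until its new fingerprint is communicated again.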