Hi Chris,

I just checked that archive. The message is scrambled there:

http://www.ietf.org/mail-archive/web/syslog/current/msg01861.html
http://www.ietf.org/mail-archive/web/syslog/current/msg01862.html

The complete one is contained in my blogpost at
http://rgerhards.blogspot.com/2008/05/more-on-syslog-tls-policies-and-ietf.html

Rainer 

> -----Original Message-----
> From: Chris Lonvick [mailto:[EMAIL PROTECTED] 
> Sent: Friday, May 09, 2008 8:07 PM
> To: Rainer Gerhards
> Cc: Joseph Salowey (jsalowey); [email protected]
> Subject: Missing email? was: Re: [Syslog] -transport-tls-12, 
> section 4.2.3 (fingerprints)
> 
> Hi Rainer,
> 
> I'm also seeing the list behave slowly.  I don't think that I saw any
> message like that.  Can you check the archive and let us know if it's in
> there?
> 
> Thanks,
> Chris
> 
> On Fri, 9 May 2008, Rainer Gerhards wrote:
> 
> > Joe and Chris,
> >
> > the mailing list processor seems to be a bit slow these days. I sent a
> > long note this morning telling that I see value in automatically
> > generated self-signed certs. That mail also outlines when and why.
> >
> > Please let me know if you did not receive it.
> >
> > Thanks,
> > Rainer
> >
> >> -----Original Message-----
> >> From: Joseph Salowey (jsalowey) [mailto:[EMAIL PROTECTED]
> >> Sent: Friday, May 09, 2008 6:40 PM
> >> To: Rainer Gerhards
> >> Cc: [email protected]
> >> Subject: RE: -transport-tls-12, section 4.2.3 (fingerprints)
> >>
> >>
> >> <snip>
> >>>> [Joe] I don't know that we need to restrict this to a particular
> >>>> implementation.  I think it would be good to provide a management
> >>>> interface to do the generation.  It seems that it would be an
> >>>> acceptable implementation to auto-generate it as well.
> >>>
> >>> [Rainer] As long as the syslogd is not required to
> >>> auto-generate certs, I am happy enough ;)
> >>>
> >>> However, I wonder why it would be useful to auto-generate certs.
> >>> Probably I am overlooking something obvious. But: isn't cert
> >>> auto-generation equal to no authentication? After all, if a
> >>> *self-signed* cert is generated by the remote peer AND we
> >>> accept it, doesn't that essentially mean we accept any peer
> >>> because the peer can put whatever it likes into the cert? I
> >>> do not see why this is any better than having no cert at all...
> >>>
> >> [Joe] When I was thinking of auto-generation I was expecting the
> >> certificate to be persistent and the fingerprint would be available to
> >> be communicated out of band to the verifier.  If you generate a new cert
> >> each time the process starts and the other side does not know the
> >> fingerprint then what you say is true.
> >>
> >>> Rainer
> >>>
> > _______________________________________________
> > Syslog mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/syslog
> >
> 
_______________________________________________
Syslog mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/syslog
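
The following is an added example, not part of the thread or of any syslog implementation: a sketch of the fingerprint check discussed in the quoted exchange, showing that a persistent self-signed certificate matches a fingerprint configured out of band, while a certificate regenerated at restart or a verifier with no pins does not authenticate the peer. The "algo:HEX:HEX" fingerprint notation, the function names and the byte strings standing in for DER-encoded certificates are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed mapping from fingerprint label to hashlib algorithm name.
_ALGOS = {"sha-1": "sha1", "sha-256": "sha256"}


def fingerprint(cert_der: bytes, algo: str = "sha-1") -> str:
    """Hash the certificate's DER bytes and render 'algo:AA:BB:...'."""
    digest = hashlib.new(_ALGOS[algo], cert_der).digest()
    return algo + ":" + ":".join(f"{b:02X}" for b in digest)


def _parse(fp: str):
    """Split a configured fingerprint into (algo, raw digest); reject bad input."""
    algo, _, hexpart = fp.strip().partition(":")
    algo = algo.lower()
    if algo not in _ALGOS:
        raise ValueError(f"unsupported fingerprint algorithm: {algo!r}")
    raw = bytes.fromhex(hexpart.replace(":", ""))
    if len(raw) != hashlib.new(_ALGOS[algo]).digest_size:
        raise ValueError("fingerprint length does not match algorithm")
    return algo, raw


def peer_is_pinned(cert_der: bytes, pinned: list[str]) -> bool:
    """True only if the presented cert matches a fingerprint received out of band.

    An empty pin list fails closed: accepting any self-signed cert would be
    equivalent to no authentication, since the peer chooses the cert contents.
    """
    for fp in pinned:
        algo, want = _parse(fp)
        got = hashlib.new(_ALGOS[algo], cert_der).digest()
        if hmac.compare_digest(got, want):
            return True
    return False


# Constructed sample data: byte strings standing in for DER-encoded certs.
PERSISTENT_CERT = b"constructed stand-in: cert generated once and kept on disk"
REGENERATED_CERT = b"constructed stand-in: new cert generated at process restart"

# The operator copies the sender's fingerprint to the verifier out of band.
PINNED = [fingerprint(PERSISTENT_CERT).lower()]

if __name__ == "__main__":
    print("persistent cert accepted: ", peer_is_pinned(PERSISTENT_CERT, PINNED))
    print("regenerated cert accepted:", peer_is_pinned(REGENERATED_CERT, PINNED))
    print("no pins configured:       ", peer_is_pinned(PERSISTENT_CERT, []))
```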