> > 1) transport level implements security mechanisms on a per hop-by-hop
> > basis, the message itself is not authenticated, each of the relay
> > stations can modify the message
> >
> > 2) syslog-sign implements per-message, end-to-end authenticity where the
> > relay hosts cannot modify messages as they are individually signed by
> > their origin.
> >
> > So I'd go with using TLS/DTLS on the transport first and then possibly
> > adapting syslog-sign when the transport issues are resolved.
>
> (1) and (2) are complementary and one does not exclude the other
> from being necessary.
That's right. But if I need to pick one, I'd go for TLS/DTLS, because I think that encryption is more desirable. If we include two deliverables in the charter, we can go for both of them.

As Sam suggested, the threat model and what we think is most important (to address) is the core thing to do. I think Chris is already working on something and I'd like to hear the chair's comment before we go into detail.

Rainer

_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
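The distinction drawn in the quoted text (hop-by-hop transport protection versus a per-message signature applied by the origin) can be made concrete with a small simulation. The following is an added example, not code from the thread or from any syslog implementation: a relay sits between an origin and a collector, the TLS/DTLS hop is modelled as a link that authenticates its immediate peer but hands the relay a plain string it may forward as its own, and the end-to-end case appends a per-message tag that only the origin and collector can produce. The log line, the key, and the names `sign_message`, `verify_message`, `rogue_relay`, `deliver_transport_only` and `deliver_end_to_end` are all constructed for this illustration. An HMAC with a key the relay does not hold stands in for the origin's private-key signature so the example runs with the standard library only; the real syslog-sign layout also differs (it signs blocks of message hashes rather than tagging each message), but the property shown, that a relay edit is detectable at the collector, is the same.

```python
import base64
import hashlib
import hmac

# Constructed sample record in the style of a syslog line (not from any real system).
ORIGINAL = "<34>Oct 11 22:14:15 host1 sshd[1234]: authentication FAILED for user alice"

# Constructed key. Assumption: stands in for the origin's signing key; the origin and
# the collector hold it, the relays do not. A real deployment would use a public-key
# signature so that the collector needs no secret shared with every origin.
ORIGIN_KEY = b"constructed-origin-signing-key"


def sign_message(key: bytes, msg: str) -> str:
    """Origin side: append a per-message tag computed over the whole body."""
    tag = hmac.new(key, msg.encode("utf-8"), hashlib.sha256).digest()
    return msg + " SIG=" + base64.b64encode(tag).decode("ascii")


def verify_message(key: bytes, signed: str):
    """Collector side: return the body if its tag verifies, otherwise None.

    Returns None both for a missing tag and for a tag that does not match, so
    a relay cannot strip the signature to get a message accepted either.
    """
    body, sep, tag_b64 = signed.rpartition(" SIG=")
    if not sep:
        return None  # no signature present at all
    try:
        tag = base64.b64decode(tag_b64, validate=True)
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    expected = hmac.new(key, body.encode("utf-8"), hashlib.sha256).digest()
    return body if hmac.compare_digest(expected, tag) else None


def honest_relay(payload: str) -> str:
    """A relay that forwards what it received unchanged."""
    return payload


def rogue_relay(payload: str) -> str:
    """A relay that rewrites the body before forwarding on its own outbound hop.

    Hop-by-hop transport security does not prevent this: the relay is the
    legitimate, authenticated peer on both of its links, so each hop sees only
    a well-formed message from a trusted neighbour.
    """
    return payload.replace("FAILED", "ACCEPTED", 1)


def deliver_transport_only(relay, msg: str) -> dict:
    """Model (1): each hop protects bytes in flight and authenticates its peer,
    but the collector has nothing tying the message back to the origin, so it
    accepts whatever the last hop hands it and cannot tell that a relay edited it."""
    received = relay(msg)
    return {"accepted": received, "modified": received != msg, "detected": False}


def deliver_end_to_end(relay, msg: str) -> dict:
    """Model (2): the origin tags the message; the collector verifies against the
    origin's key, so any edit by a relay invalidates the tag and is rejected."""
    received = relay(sign_message(ORIGIN_KEY, msg))
    body = verify_message(ORIGIN_KEY, received)
    return {"accepted": body, "modified": body != msg, "detected": body is None}


if __name__ == "__main__":
    for name, deliver in (("transport-only", deliver_transport_only),
                          ("end-to-end", deliver_end_to_end)):
        for relay in (honest_relay, rogue_relay):
            print(f"{name:14s} via {relay.__name__:13s}: {deliver(relay, ORIGINAL)}")
```

Running it shows the asymmetry the quoted text describes: with the rogue relay, the transport-only path delivers the altered "ACCEPTED" line with `detected` false, while the end-to-end path returns `accepted` as `None` and flags the tampering; with the honest relay both paths deliver the original. What the signature does not give is confidentiality, since the relay can still read the body it forwards, which is the property the reply above weighs in favour of TLS/DTLS when only one mechanism can be chartered.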