<inline>

Tom Petch

----- Original Message -----
From: "Miao Fuyou" <[EMAIL PROTECTED]>
To: "'Sam Hartman'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 31, 2007 5:50 AM
Subject: RE: [Syslog] AD Review for draft-ietf-syslog-transport-tls

> Hi Sam,
>
> Thanks for the review! My response is inline.
>
> Regards,
> Miao
>
> > -----Original Message-----
> > From: Sam Hartman [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, January 31, 2007 7:23 AM
> > To: [EMAIL PROTECTED]
> > Subject: [Syslog] AD Review for draft-ietf-syslog-transport-tls
> >
> > Hi, folks.  I had no comments on the UDP draft or the main
> > protocol draft so I have forwarded them to IETF last call.
> >
> > I do have some concerns with the TLS draft.
> >
<snip>
 >
>
> > Are senders and relays required to have a certificate and to
> > use that certificate?
> >
>
> It is not required, but it is preferable for some deployments where
> malicious senders may send lots of messages to overwhelm the receiver.
>
Sam

I have a slightly different view.  To quote the I-D, where it says
"The sender/relay should initiate a connection to the receiver"
I take that as the sender initiates a connection to the receiver if no relay is
present or to the relay (when present), the relay (when present) initiates the
connection to the receiver (collector).  Relay and receiver become TLS Servers
and insofar as TLS Servers have certificates, the relay will have one!

When the next paragraph says
"When a sender/ relay authenticates a receiver it MUST validate the certificate"
I take that to mean that the sender authenticates the receiver if no relay is
present or the sender authenticates the relay (when present) and the relay
authenticates the receiver.

Relay and sender are TLS clients.

I appreciate that this is hop by hop security and not ideal end to end security.

Tom Petch
> > --Sam
> >
> >
> > _______________________________________________
> > Syslog mailing list
> > Syslog@lists.ietf.org
> > https://www1.ietf.org/mailman/listinfo/syslog
> >
_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog
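
Added example, not part of the original thread or the draft: the hop-by-hop reading given in the message above, sketched with Python's ssl module. The node names, HopPolicy and the function names are hypothetical; the optional client certificate follows the quoted reply that a sender certificate is not required.

```python
import ssl
from dataclasses import dataclass

@dataclass(frozen=True)
class HopPolicy:               # hypothetical helper: one TLS connection
    client: str                # initiates the connection, validates the peer
    server: str                # accepts it and presents a certificate
    require_client_cert: bool

def plan_hops(path, require_client_cert=False):
    """path is [sender, relay..., receiver] in forwarding order."""
    if len(path) < 2:
        raise ValueError("need at least a sender and a receiver")
    return [HopPolicy(a, b, require_client_cert) for a, b in zip(path, path[1:])]

def roles(node, hops):
    """TLS roles a node plays across all hops; a relay plays both."""
    found = set()
    for hop in hops:
        if hop.client == node:
            found.add("client")
        if hop.server == node:
            found.add("server")
    return found

def client_context(ca_file=None):
    """Initiating side: the server certificate must validate (CERT_REQUIRED)."""
    return ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)

def server_context(hop, cert_file=None, key_file=None, ca_file=None):
    """Accepting side: a client certificate is demanded only if the policy says so."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    if cert_file:  # a real listener needs this; paths are deployment-specific
        ctx.load_cert_chain(cert_file, key_file)
    ctx.verify_mode = ssl.CERT_REQUIRED if hop.require_client_cert else ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    hops = plan_hops(["sender", "relay", "collector"])  # constructed path
    for name in ("sender", "relay", "collector"):
        print(name, sorted(roles(name, hops)))
```

With require_client_cert=True each listener also authenticates the connecting sender or relay, which is the stricter deployment the quoted reply calls preferable.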
