Hi Chris,

I've taken a look at this document, and I have just two comments. In section 4.2.2:
   A client's certificate must be associated with a unique private key.
   Private keys MUST NOT be shared between clients.

This is not part of the protocol, often beyond the control of the syslog implementor, and hence should be stricken. If you want to have a discussion about the shared use of private keys, please move it into Security Considerations with non-normative text.


Similarly, Section 4.2.3 overreaches:

   Syslog applications MUST be implemented in a manner that permits
   administrators, as a matter of local policy, to select the
   cryptographic level and authentication options they desire.

While I understand the desire for algorithm agility, this may not be possible in embedded applications. I would state this as a SHOULD.

Eliot


_______________________________________________
Syslog mailing list
Syslog@lists.ietf.org
https://www1.ietf.org/mailman/listinfo/syslog