----- Original Message -----
From: "Juergen Schoenwaelder" <[EMAIL PROTECTED]>
To: "tom.petch" <[EMAIL PROTECTED]>
Cc: "David Harrington" <[EMAIL PROTECTED]>; "'Miao Fuyou'" <[EMAIL PROTECTED]>; "'Rainer Gerhards'" <[EMAIL PROTECTED]>; "syslog" <[EMAIL PROTECTED]>
Sent: Friday, November 30, 2007 12:18 PM
Subject: Re: [Syslog] transport-tls-11 review

> On Fri, Nov 30, 2007 at 11:13:04AM +0100, tom.petch wrote:
>
> > Also, there are forms of TLS with authentication where no
> > certificates are required and we should cater for those; they may
> > become - I hope - quite widespread.
>
> Can you be more concrete what you have in mind?
>

Using SRP for TLS Authentication,
http://www.ietf.org/internet-drafts/draft-ietf-tls-srp-14.txt
is one such; it allows for server certificates and for the absence thereof.

Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)
ftp://ftp.rfc-editor.org/in-notes/rfc4279.txt
is another but, as it points out,

   If the main goal is to avoid Public-Key Infrastructures (PKIs), another
   possibility worth considering is using self-signed certificates with
   public key fingerprints.

Tom Petch

> /js
>
> --
> Juergen Schoenwaelder           Jacobs University Bremen gGmbH
> Phone: +49 421 200 3587         Campus Ring 1, 28759 Bremen, Germany
> Fax:   +49 421 200 3103         <http://www.jacobs-university.de/>