Date: Sat, 03 Dec 2011 00:26:24 +0100
From: Martin Schütte <lists@mschuette.name>
To: freebsd-hackers@freebsd.org
Subject: Re: To implement RFC 5848 (Signed Syslog Messages)?
Message-ID: <4ED95EA0.4000709@mschuette.name>
In-Reply-To: <CAGsORuDAZp9FwA=%2BYFgyc4ugeziD_2sf0SpDY6=x5unfgtHd3Q@mail.gmail.com>
References: <CAGsORuCg2VEZ=zaHS%2BLGCecusUDZxyy3wB9wHQqC_XcPjwdpSg@mail.gmail.com> <4ED95086.3040107@mschuette.name> <CAGsORuDAZp9FwA=%2BYFgyc4ugeziD_2sf0SpDY6=x5unfgtHd3Q@mail.gmail.com>

On 12/02/11 23:45, Zhihao Yuan wrote:
>> In 2008 I implemented the syslog RFCs for NetBSD's syslogd, so if you
> That's an amazing work. Did you compare those documents (they were
> drafts in 08') with the final versions? Any differences?

I followed the IETF process and as far as I know there are two major
differences:

a) For syslog-sign I encoded signatures with a PEM format in the way of
X.509/OpenSSL, but the final RFC specifies an OpenPGP-like encoding.

b) For TLS transport the rules for peer certificate verification (always
a very confusing problem) were discussed and modified in the later
drafts. Most notably the RFC requires support for wildcards in DNS
names, which is not implemented.

-- 
Martin
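
An added example, not code from this message or from NetBSD's syslogd: one way to do the wildcard DNS-name comparison mentioned in (b), assuming the rule that `*` is valid only as the entire left-most label and matches exactly one label. The function name `dnsname_matches` and the sample names are constructed for illustration; the multi-label suffix check is an extra hardening choice of this example.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper: return 1 if the certificate dNSName `pattern`
 * matches the configured peer name `host`, else 0. Assumed rule: "*" is
 * accepted only as the complete left-most label and covers one label. */
int dnsname_matches(const char *pattern, const char *host)
{
    const char *rest;

    if (pattern == NULL || host == NULL || *pattern == '\0' || *host == '\0')
        return 0;

    /* No wildcard: plain case-insensitive comparison. */
    if (strchr(pattern, '*') == NULL)
        return strcasecmp(pattern, host) == 0;

    /* Wildcard must be exactly "*." at the start, with no further "*". */
    if (pattern[0] != '*' || pattern[1] != '.' || strchr(pattern + 1, '*') != NULL)
        return 0;

    /* Extra hardening (this example's choice): reject "*.com"-style names. */
    if (strchr(pattern + 2, '.') == NULL)
        return 0;

    /* The host's first label must be non-empty and end at the first dot. */
    rest = strchr(host, '.');
    if (rest == NULL || rest == host)
        return 0;

    /* The remainder must equal the pattern's suffix, so "example.com" and
     * "a.b.example.com" both fail against "*.example.com". */
    return strcasecmp(rest + 1, pattern + 2) == 0;
}

int main(void)
{
    /* Constructed sample names, all checked against one pattern. */
    const char *hosts[] = { "a.example.com", "example.com", "a.b.example.com" };
    size_t i;

    for (i = 0; i < sizeof(hosts) / sizeof(hosts[0]); i++)
        printf("*.example.com vs %-16s -> %d\n", hosts[i],
               dnsname_matches("*.example.com", hosts[i]));
    return 0;
}
```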