To implement RFC 5848 (Signed Syslog Messages)?

Martin Schütte lists at mschuette.name
Fri Dec 2 23:26:29 UTC 2011


On 12/02/11 23:45, Zhihao Yuan wrote:
>> In 2008 I implemented the syslog RFCs for NetBSD's syslogd, so if you
> That's amazing work. Did you compare those documents (they were
> drafts in '08) with the final versions? Any differences?

I followed the IETF process and as far as I know there are two major
differences:

a) For syslog-sign I encoded signatures with a PEM format in the way of
X.509/OpenSSL, but the final RFC specifies an OpenPGP-like encoding.

b) For TLS transport the rules for peer certificate verification (always
a very confusing problem) were discussed and modified in the later
drafts. Most notably the RFC requires support for wildcards in DNS
names, which is not implemented.

-- 
Martin
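
Added example, not part of the original message and not code from NetBSD's syslogd: a sketch of the wildcard check that point b) says is missing, for dNSName values in a peer certificate. It assumes the rule from the syslog TLS transport RFC (RFC 5425) that `*` is allowed only as the entire left-most label and matches exactly one label; the function name `dnsname_matches` and the sample names are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Case-insensitive equality of two ASCII DNS names. */
static int dns_equal(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/*
 * Return 1 if certificate dNSName `pattern` matches peer name `host`.
 * Assumed rule: '*' is valid only as the whole left-most label and
 * stands for exactly one label. `host` must be a DNS name; callers
 * compare IP address literals separately, never through this function.
 */
int dnsname_matches(const char *pattern, const char *host)
{
    const char *rest;

    if (!pattern || !host || !*pattern || !*host)
        return 0;
    if (strchr(pattern, '*') == NULL)          /* no wildcard: exact match */
        return dns_equal(pattern, host);
    if (pattern[0] != '*' || pattern[1] != '.' || pattern[2] == '\0')
        return 0;                              /* "f*.x", "*x.y", "*", "*." */
    if (strchr(pattern + 1, '*') != NULL)
        return 0;                              /* "*.*.com" */
    rest = strchr(host, '.');
    if (rest == NULL || rest == host)          /* need a non-empty first label */
        return 0;
    return dns_equal(pattern + 2, rest + 1);   /* compare everything after it */
}

int main(void)
{
    /* Constructed sample names, not taken from any real deployment. */
    const char *hosts[] = { "a.example.com", "example.com", "a.b.example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("*.example.com vs %-16s -> %d\n", hosts[i],
               dnsname_matches("*.example.com", hosts[i]));
    return 0;
}
```

This rule alone still accepts a pattern such as `*.com`, so a deployment that wants to refuse wildcards directly under a top-level domain needs an extra policy check on top of it.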


More information about the freebsd-hackers mailing list