Re: [Syslog] Syslog-sign: Certificate chains?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Syslog] Syslog-sign: Certificate chains?
Pasi.Eronen at nokia.com schrieb:
Most IETF protocols that send certificates around support sending
certificate chains, too. Should syslog-sign support this, too?
If not, why?
As Jon said it is not required for the signing as such.
But both PKIX and OpenPGP keys can be signed and users might have a
security policy to verify the keys used for signing.
To encourage this in verification tools we could suggest a key
verification in Section 7 (Efficient Verification of Logs) or Section
8.9 (Man In The Middle Attacks).
--
Martin
_______________________________________________
Syslog mailing list
Syslog at ietf.org
https://www.ietf.org/mailman/listinfo/syslog
Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.
