[Syslog] Comments on syslog-sign-26

[WashamFan <Washam.Fan at huaweisymantec.com>]

Hi,

I'd like issue some concerns here.

1. the text below is from sec 4.2.4

   Note that the Global Block Counter crosses Signature Groups; it
   allows one to roughly synchronize when two messages were sent, even
   though they went to different collectors and are part of different
   Signature Groups.

But I am still not quite clear about what the GBC field is for. IMO,
removing this field does not matter much. Or could you elaborate
on how it help sync?

2. sec 6.1.1:

Does certResendDelay or certResendCount refine the resending
behavior after the first normal message is sent or before that or
both? Are you saying resending Payload periodically in a long lived
reboot session?

3. sec 6.1.2:

Why not introduce a param called sigMaxCount to specify the 
max count of hashes in a Signature Block message?

4. signer vs. originator
an originator is specified as (hostname, app-name, procid) triple.
So does a signer? If yes. then an originator can not have multiple
signers in the same time, but multiple originators can share the
same signer. In the latter case, should every originator exchange
its Payload independently?

washam