Re: SoC: Improve syslogd
Rainer Gerhards wrote:
You could always use
Yes, but that would make some future protocol change even harder.
Unless the protocol is always given as a "(option)". :-/
What if I wanted to use a syslog-transport-sctp? Increase to "@@@"?
The bigger question is how you intend to handle the authorization
issues that come along with -transport-tls. For example, how do you
specify the remote client names that a sender is permitted to listen
to. Or how to specify if you use name, fingerprint or anonymous
authentication. The current rsyslog approach works, but is ugly.
I think for syslogd it is sufficient to use one global list of trusted
So the configuration can use a single CA cert:
or a directory with trust anchors (trusted CA and/or client certs)
To support fingerprints I imagine either listing them in syslog.conf
or using the file system and having them inside the CertDirectory to be
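
The three peer-authentication modes named in this thread (name, fingerprint, anonymous), sketched as an added example that is not part of the original mail and is not syslogd or rsyslog code. The `SHA256:AA:BB:...` fingerprint notation, the function names and the sample bytes are assumptions; chain validation against the CA and extraction of the certificate names are assumed to be done by the TLS library.

```python
import hashlib

def fingerprint(der: bytes, algo: str = "sha256") -> str:
    """Return 'SHA256:AA:BB:...' over the DER-encoded certificate bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    pairs = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return f"{algo.upper()}:{pairs}"

def normalize(fp: str) -> str:
    """Make a configured fingerprint comparable: no whitespace, upper-case."""
    return "".join(fp.split()).upper()

def authorize(mode, peer_der, chain_ok, peer_names,
              trusted_fps=(), permitted_names=()):
    """Decide whether a TLS peer is accepted under one authentication mode.

    chain_ok   -- TLS library's verdict on the chain up to a trusted CA
    peer_names -- names the TLS library extracted from the peer certificate
    """
    if mode == "anonymous":
        # Encryption only: the peer's identity is never checked.
        return True
    if mode == "fingerprint":
        # Pins one exact certificate; a self-signed cert works, no CA involved.
        return fingerprint(peer_der) in {normalize(fp) for fp in trusted_fps}
    if mode == "name":
        # A name means nothing unless a trusted CA vouches for the certificate.
        if not chain_ok:
            return False
        wanted = {n.lower() for n in permitted_names}
        return any(n.lower() in wanted for n in peer_names)
    raise ValueError(f"unknown authentication mode: {mode!r}")

# Constructed stand-in for a peer certificate's DER bytes (not a real cert).
PEER_DER = b"constructed stand-in for DER certificate bytes"

if __name__ == "__main__":
    pinned = [fingerprint(PEER_DER).lower()]   # as an admin might write it
    print(authorize("fingerprint", PEER_DER, False, [], trusted_fps=pinned))
    print(authorize("name", PEER_DER, False, ["log1.example.org"],
                    permitted_names=["log1.example.org"]))  # chain not trusted
    print(authorize("name", PEER_DER, True, ["LOG1.example.org"],
                    permitted_names=["log1.example.org"]))
```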