Re: SoC: Improve syslogd
Rainer Gerhards wrote:
You want the syslogd to write new fingerprints into the directory?
I do not think that is a good idea. First it should not be allowed to do so
and have only read access to that directory (or any configuration).
But more important: where is the benefit of having 10 fingerprints with
content "UNKNOWN" there?
These could be displayed to a user as new connection requests. Then,
the user can authorize them or deny access.
"Display to the user" means "get recorded in a syslog entry".
Say I find a new fingerprint in my log, and I want to add it as a trust
anchor. Then I can either a) create the file/add it to a
textfile/whatever; or b) use cut&paste to find the newly created file
and edit it.
I do not think one method is easier than the other, but the first one
clearly shows the 'good' fingerprints while the second always requires a
grep to be useful.
And I am still undecided whether
client/server certs are worth the effort. (Not only in implementing but also
in administering as a user.)
What exactly do you mean - different certs for client and server use?
Different certificate lists for outgoing connections (client role) and
incoming connections (server role).