Re: SoC: Improve syslogd

[Jim Wise <jwise%draga.com@localhost>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 26 May 2008, Martin Schütte wrote:

>> And if we go a little bit further, there could actually be two value
>> in the first line (or one each in the first two lines). The permission
>> state and the usage, e.g. "CLIENT" and "SERVER". In that case,
>> something flagged as CLIENT could only be used to authenticate a
>> sender, while a "SERVER" flag means we can authenticate the receiver
>> when we send.
>
>> How does this sound?
>
> To be honest: complicated.

To be likewise honest, I don't think that fingerprints are the right 
level at which to do access control.

I would much rather see access control set at the host level, and then 
certificates bound to hosts by one of two methods:

  a.) a trust chain (preferred) -- a syslog access config file points to 
      a trusted certificate, and any client which can trace a trust chain to
      that certificate is considered `identified' by name (or IP) (per 
      the client cert's CN or dnsName.  The name (or IP) is then used in
      access control decisions

  b.) an explicit certificate (worse) -- the syslog config entry 
      allowing a client to connect also specifies the file containing
      that client's cert.  No trust negotiation occurs.  Access control
      decisions are still made by the client's hostname, using the entry
      tied to that cert in the access control file

If both of these methods are supported, I think we can support large and 
small configs well.

- -- 
                                Jim Wise
                                jwise%draga.com@localhost
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (NetBSD)

iD8DBQFIPbHlq/KRbT0KwbwRAppfAJoD3fzPd2ZLej3nbm3D33C/iH0N0gCaAig5
K/x/D23rWC3ybyPUvs7SZho=
=rdTk
-----END PGP SIGNATURE-----