Re: SoC: Improve syslogd
On Mon, 26 May 2008, Martin Schütte wrote:
>> And if we go a little bit further, there could actually be two values
>> in the first line (or one each in the first two lines). The permission
>> state and the usage, e.g. "CLIENT" and "SERVER". In that case,
>> something flagged as CLIENT could only be used to authenticate a
>> sender, while a "SERVER" flag means we can authenticate the receiver
>> when we send.
>> How does this sound?
> To be honest: complicated.
To be likewise honest, I don't think that fingerprints are the right
level at which to do access control.

I would much rather see access control set at the host level, and then
certificates bound to hosts by one of two methods:

a.) a trust chain (preferred) -- a syslog access config file points to
a trusted certificate, and any client which can trace a trust chain to
that certificate is considered `identified' by name (or IP) (per
the client cert's CN or dnsName). The name (or IP) is then used in
access control decisions.

b.) an explicit certificate (worse) -- the syslog config entry
allowing a client to connect also specifies the file containing
that client's cert. No trust negotiation occurs. Access control
decisions are still made by the client's hostname, using the entry
tied to that cert in the access control file.

If both of these methods are supported, I think we can support large and
small configs well.
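The two binding methods proposed in the message above, modeled as a host-level access check. This is an added example, not part of the original message and not syslogd code: the struct layouts, function names, host names and fingerprint strings are hypothetical. It assumes the TLS library has already verified the chain and reports which trusted certificate it ended at, and that names are compared exactly.

```c
#include <string.h>

/* What the TLS layer reports after the handshake (assumed interface). */
struct peer {
    const char *leaf_fp;   /* fingerprint of presented cert, never NULL */
    const char *names[4];  /* CN / dnsName values, NULL-padded */
    const char *anchor_fp; /* trusted cert the chain verified to, or NULL */
};

/* One host-level access entry; one of the two binding methods is set. */
struct entry {
    const char *host;
    int allow;
    const char *trust_anchor; /* method a: chain must end here */
    const char *pinned_cert;  /* method b: this exact client cert */
};

/* Constructed sample config; names and fingerprints are placeholders. */
static const struct entry acl[] = {
    { "web1.example.org",    1, "fp:site-ca", NULL },
    { "old1.example.org",    0, "fp:site-ca", NULL },
    { "printer.example.org", 1, NULL, "fp:printer-leaf" },
};
#define NACL (sizeof(acl) / sizeof(acl[0]))

/* Bind a peer to an entry, or return NULL if it stays unidentified. */
const struct entry *bind_peer(const struct peer *p)
{
    size_t i, j;
    /* Method b: the entry names the host; the cert's own names are ignored. */
    for (i = 0; i < NACL; i++)
        if (acl[i].pinned_cert && !strcmp(acl[i].pinned_cert, p->leaf_fp))
            return &acl[i];
    /* Method a: the cert names the host, but only under the entry's anchor. */
    for (i = 0; p->anchor_fp && i < NACL; i++) {
        if (!acl[i].trust_anchor || strcmp(acl[i].trust_anchor, p->anchor_fp))
            continue;
        for (j = 0; j < 4 && p->names[j]; j++)
            if (!strcmp(acl[i].host, p->names[j])) /* exact match only */
                return &acl[i];
    }
    return NULL;
}

/* The access decision is the entry's, made at host level. */
int peer_allowed(const struct peer *p)
{
    const struct entry *e = bind_peer(p);
    return e != NULL && e->allow;
}
```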