Re: [Syslog] why fingerprints? (Re: I-DAction:draft-ietf-syslog-transport-tls-12.txt)

"Joseph Salowey (jsalowey)" <jsalowey@cisco.com> Mon, 12 May 2008 03:51 UTC

Date: Sun, 11 May 2008 20:51:49 -0700
Message-ID: <AC1CFD94F59A264488DC2BEC3E890DE505C9586B@xmb-sjc-225.amer.cisco.com>
In-Reply-To: <4825DC61.9000000@mschuette.name>
References: <20080507150001.D3CB428C65B@core3.amsl.com> <4825DC61.9000000@mschuette.name>
From: "Joseph Salowey (jsalowey)" <jsalowey@cisco.com>
To: Martin Schütte <lists@mschuette.name>, syslog@ietf.org
Subject: Re: [Syslog] why fingerprints? (Re: I-DAction:draft-ietf-syslog-transport-tls-12.txt)


> -----Original Message-----
> From: syslog-bounces@ietf.org 
> [mailto:syslog-bounces@ietf.org] On Behalf Of Martin Schütte
> Sent: Saturday, May 10, 2008 10:33 AM
> To: syslog@ietf.org
> Subject: [Syslog] why fingerprints? (Re: 
> I-DAction:draft-ietf-syslog-transport-tls-12.txt)
> 
> >    o  Certificate fingerprints: For each transport receiver, the client
> >       is configured with a fingerprint of the server's certificate
> >       (which can be self-signed).  This option MUST be supported.
> 
> Am I the only one who finds this whole fingerprint option 
> completely unnecessary?
> Is this practice actually used somewhere? I have not heard 
> about this before and get the impression it is only a bad 
> substitute for copying the peer's certificate.
> 
[Joe] Fingerprints are essentially equivalent to obtaining the peer's certificate.  The main advantage a fingerprint has is that it is easier both to communicate and to perform comparison when a human being is involved.  The main reason for specifying the format is so that something that is exported from one implementation can be input into another.  As has been pointed out on the list, there can be other ways of obtaining the necessary peer certificate information.  To some user communities fingerprints would be familiar and convenient.

Certificate fingerprints are used in several places today.  For example, in most web browsers you can view the fingerprint of a server certificate.  In addition, SSH uses a similar fingerprint concept for public keys without X.509 certificates.


> --
> Martin
> 
_______________________________________________
Syslog mailing list
Syslog@ietf.org
https://www.ietf.org/mailman/listinfo/syslog
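The point Joe makes above, that a configured fingerprint and a copy of the peer's certificate accept exactly the same peers, can be shown in code. The following is an added illustration for this archive page, not code from the syslog TLS draft or from any syslog implementation. It assumes a textual fingerprint form of an algorithm label followed by colon-separated hex bytes (the draft's own format is not quoted in this message, so that form is an assumption here), it uses SHA-256 by default with SHA-1 also accepted, and `SAMPLE_DER` is a constructed byte string standing in for a DER-encoded certificate, not a real X.509 structure.

```python
"""Certificate fingerprint pinning for a TLS transport receiver (the syslog
server), shown stand-alone with the Python standard library only.

A fingerprint is a hash over the DER encoding of the peer's certificate, so
pinning the fingerprint and pinning the full certificate accept the same
peers; the fingerprint is simply shorter for a human to copy and compare.
"""
import base64
import hashlib
import hmac
import re

# Assumed textual form: "<algo>:" followed by colon-separated hex bytes.
# Only hash functions that hashlib provides are accepted.
_ALGO_NAMES = {"sha-1": "sha1", "sha1": "sha1",
               "sha-256": "sha256", "sha256": "sha256"}


def pem_to_der(pem: str) -> bytes:
    """Extract the DER bytes from a PEM-armoured certificate."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----",
                  pem, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)


def fingerprint(der: bytes, algo: str = "sha-256") -> str:
    """Return '<algo>:AA:BB:...' computed over the DER-encoded certificate."""
    digest = hashlib.new(_ALGO_NAMES[algo.lower()], der).digest()
    return algo.lower() + ":" + ":".join(f"{b:02X}" for b in digest)


def parse_fingerprint(text: str):
    """Normalise a configured fingerprint into (hashlib name, digest bytes).
    Accepts upper or lower case and either colon-separated or bare hex,
    so a value copied from another implementation still compares correctly."""
    algo, _, hexpart = text.strip().partition(":")
    name = _ALGO_NAMES.get(algo.lower())
    if name is None:
        raise ValueError(f"unsupported fingerprint algorithm: {algo}")
    digest = bytes.fromhex(re.sub(r"[:\s]", "", hexpart))
    if len(digest) != hashlib.new(name).digest_size:
        raise ValueError("fingerprint length does not match algorithm")
    return name, digest


def verify_by_fingerprint(der: bytes, configured) -> bool:
    """True if the presented certificate matches any configured fingerprint.
    compare_digest keeps comparison time independent of where a mismatch is."""
    for entry in configured:
        name, expected = parse_fingerprint(entry)
        actual = hashlib.new(name, der).digest()
        if hmac.compare_digest(actual, expected):
            return True
    return False


def verify_by_pinned_cert(der: bytes, pinned_der: bytes) -> bool:
    """The alternative raised in the thread: compare against a stored copy
    of the whole certificate."""
    return hmac.compare_digest(der, pinned_der)


# Constructed stand-in for a DER certificate (not a real X.509 structure;
# the hashing and comparison logic does not depend on the content).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(re.findall(".{1,64}",
                                     base64.b64encode(SAMPLE_DER).decode()))
              + "\n-----END CERTIFICATE-----\n")


def demo():
    """Both pinning styles agree, and a one-byte change is rejected by both."""
    der = pem_to_der(SAMPLE_PEM)
    pinned = [fingerprint(der)]
    tampered = der[:-1] + bytes([der[-1] ^ 0x01])
    return {
        "fp_ok": verify_by_fingerprint(der, pinned),
        "cert_ok": verify_by_pinned_cert(der, der),
        "fp_tampered": verify_by_fingerprint(tampered, pinned),
        "cert_tampered": verify_by_pinned_cert(tampered, der),
    }


if __name__ == "__main__":
    print(fingerprint(SAMPLE_DER))
    print(demo())
```

The receiver keeps only the short fingerprint string in its configuration, yet `demo()` shows it makes the same accept/reject decision as a receiver holding the full certificate; the normalisation in `parse_fingerprint` is what lets a value exported from one tool be pasted into another regardless of case or separators.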