RE: [Syslog] Summary of the syslog/tls issues resolving
Balazs Scheidler <bazsi@balabit.hu> Sun, 30 April 2006 13:14 UTC
Subject: RE: [Syslog] Summary of the syslog/tls issues resolving
From: Balazs Scheidler <bazsi@balabit.hu>
To: Miao Fuyou <miaofy@huawei.com>
Date: Sun, 30 Apr 2006 15:14:56 +0200
Cc: 'David B Harrington' <dbharrington@comcast.net>, syslog@ietf.org

On Sun, 2006-04-30 at 17:30 +0800, Miao Fuyou wrote:
> Another problem of using DNS is: name resolution itself is not secure if
> DNSSEC is not used (true in most cases). Dependency on DNS may introduce new
> security vulnerabilities to Syslog/TLS.
>
> Client should use knowledge a priori to check server's certificate, such as
> URL, if it is available.

Yes, you need forward DNS resolution in this case too. (e.g. hostname in
URL -> IP address)

--
Bazsi
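
An added illustration of the point made in this exchange, not part of the original message or of any syslog/TLS implementation: the name checked against the certificate comes from local configuration, while forward DNS only supplies the address to connect to. All host names, addresses and certificate contents are constructed, and chain validation against a trusted CA is assumed to have already succeeded.

```python
# Added example. Certificates are dicts shaped like ssl.SSLSocket.getpeercert();
# chain validation against a trusted CA is assumed to have succeeded already.

def dns_names(cert):
    """Return the dNSName entries of the certificate's subjectAltName."""
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """Label-wise match; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse wildcards that would cover a whole top-level domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_connection(configured_host, dns_answers, cert_at):
    """Simulate one connection attempt and return (ip, accepted)."""
    ip = dns_answers[configured_host]  # forward lookup: name from the URL -> address
    cert = cert_at[ip]                 # certificate presented by whoever answers there
    # The reference identity is the configured name, never anything DNS returned.
    accepted = any(name_matches(n, configured_host) for n in dns_names(cert))
    return ip, accepted

# Constructed sample data (documentation address ranges, example domains).
CERT_AT = {
    "192.0.2.10": {"subjectAltName": (("DNS", "logs.example.net"),)},
    "203.0.113.9": {"subjectAltName": (("DNS", "collector.example.org"),)},
}
HONEST_DNS = {"logs.example.net": "192.0.2.10"}
FORGED_DNS = {"logs.example.net": "203.0.113.9"}  # an unauthenticated, wrong answer

if __name__ == "__main__":
    for label, dns in (("honest DNS", HONEST_DNS), ("forged DNS", FORGED_DNS)):
        ip, ok = check_connection("logs.example.net", dns, CERT_AT)
        print(f"{label}: connected to {ip}, certificate accepted: {ok}")
```

With the forged answer the client reaches the wrong address, but the certificate there does not name the configured host, so the session is refused rather than silently redirected.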