Re: [Syslog] Fingerprint/handshake

Balazs Scheidler <bazsi@balabit.hu> Thu, 29 May 2008 08:12 UTC

From: Balazs Scheidler <bazsi@balabit.hu>
To: Rainer Gerhards <rgerhards@hq.adiscon.com>
Cc: syslog@ietf.org
Subject: Re: [Syslog] Fingerprint/handshake
Date: Thu, 29 May 2008 10:12:04 +0200
Message-Id: <1212048724.28540.29.camel@bzorp.balabit>
In-Reply-To: <577465F99B41C842AAFBE9ED71E70ABA3090E1@grfint2.intern.adiscon.com>
References: <003901c8b9f7$b671959d$060013ac@intern.adiscon.com> <AC1CFD94F59A264488DC2BEC3E890DE505DFD8E5@xmb-sjc-225.amer.cisco.com> <577465F99B41C842AAFBE9ED71E70ABA309090@grfint2.intern.adiscon.com> <AC1CFD94F59A264488DC2BEC3E890DE505E7E825@xmb-sjc-225.amer.cisco.com> <577465F99B41C842AAFBE9ED71E70ABA3090E1@grfint2.intern.adiscon.com>

On Thu, 2008-05-29 at 09:45 +0200, Rainer Gerhards wrote:
> Inline...
> > -----Original Message-----
> > From: Joseph Salowey (jsalowey) [mailto:jsalowey@cisco.com]
> > Sent: Thursday, May 29, 2008 2:32 AM
> > To: Rainer Gerhards; syslog@ietf.org
> > Subject: RE: [Syslog] Fingerprint/handshake
> > 
> > Hi Rainer,
> > 
> > A TLS alert could be sent by the server indicating the error condition.
> > Would this help?

> That's an interesting idea. Let me give it a try. Will provide feedback when I have done this. In any case, if it turns out to be a problem with one library, we may be better off mandating that all verification is done during the handshake...

By the way, I've read in your implementation report that it is not
possible to terminate the handshake with OpenSSL either. This is not the
case, you can do that.

-- 
Bazsi

_______________________________________________
Syslog mailing list
Syslog@ietf.org
https://www.ietf.org/mailman/listinfo/syslog
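Added example, not code from this thread or from syslog-ng or rsyslog: the handshake-time fingerprint check the thread discusses, written with Go's crypto/tls (standard library, so it runs stand-alone) instead of OpenSSL. A VerifyPeerCertificate callback compares the leaf certificate's SHA-256 fingerprint with a pinned value while the handshake is still in progress; returning an error aborts the handshake, so the peer receives a TLS alert rather than an established session. The names (Fingerprint, PinnedVerifier, PinnedConfig), the SHA-256 choice and the sample bytes are assumptions of this example.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// Fingerprint returns the SHA-256 digest of a DER-encoded certificate, the
// value an operator pins in the sender or collector configuration.
func Fingerprint(derCert []byte) [sha256.Size]byte {
	return sha256.Sum256(derCert)
}

// PinnedVerifier builds a VerifyPeerCertificate callback that accepts only a
// leaf certificate whose fingerprint equals pin. crypto/tls invokes it inside
// the handshake; an error aborts the handshake and the peer gets a TLS alert.
func PinnedVerifier(pin [sha256.Size]byte) func([][]byte, [][]*x509.Certificate) error {
	return func(rawCerts [][]byte, _ [][]*x509.Certificate) error {
		if len(rawCerts) == 0 {
			return fmt.Errorf("syslog-tls: peer sent no certificate")
		}
		got := Fingerprint(rawCerts[0]) // rawCerts[0] is the leaf, in DER form
		// Constant-time compare: a mismatch reveals nothing about where it differs.
		if subtle.ConstantTimeCompare(got[:], pin[:]) != 1 {
			return fmt.Errorf("syslog-tls: peer fingerprint %s does not match pinned %s",
				hex.EncodeToString(got[:]), hex.EncodeToString(pin[:]))
		}
		return nil
	}
}

// PinnedConfig returns a tls.Config that trusts the peer by fingerprint alone.
// InsecureSkipVerify only turns off CA chain building; crypto/tls still calls
// VerifyPeerCertificate, so the pin remains the whole trust policy.
func PinnedConfig(pin [sha256.Size]byte) *tls.Config {
	return &tls.Config{
		MinVersion:            tls.VersionTLS12,
		InsecureSkipVerify:    true,
		VerifyPeerCertificate: PinnedVerifier(pin),
	}
}
```

Pass PinnedConfig to tls.Dial (sender) or tls.NewListener (collector); a mismatching peer never reaches the syslog layer because the handshake itself fails.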