Re: [Syslog] Some revised text for syslog TLS

<Pasi.Eronen@nokia.com> Thu, 29 May 2008 00:41 UTC

Rainer Gerhards wrote:

> May it be a good work-around to simply use the reverse DNS ptr names
> as the subject alt name?

No, I don't think this would be a good work-around. An implementation
should never compare the result of a PTR lookup against a host name in
the certificate (doing so would give the impression that it's done for
some security reason, but it doesn't seem to provide any security
benefit).

Best regards,
Pasi
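
The two checks discussed in this exchange, side by side, as an added example that is not part of the original message or of any syslog implementation. The host names, addresses and reverse-zone table are constructed, and both certificates are assumed to have already passed chain validation; the point shown is that the PTR-based comparison accepts any peer whose reverse DNS agrees with its own certificate, while the configured-name comparison accepts only the collector the operator named.

```python
# Added illustration; every name, address and table here is constructed.

def dns_name_matches(pattern, hostname):
    """Case-insensitive match; '*' is allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or not all(h):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so "*.org" never matches.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_configured_name(configured_name, cert_dns_names):
    """Reference identity comes from local configuration."""
    return any(dns_name_matches(n, configured_name) for n in cert_dns_names)


def check_ptr_name(peer_ip, ptr_lookup, cert_dns_names):
    """Reference identity comes from a PTR lookup on the peer's address."""
    ptr_name = ptr_lookup(peer_ip)
    if ptr_name is None:
        return False
    return any(dns_name_matches(n, ptr_name) for n in cert_dns_names)


# Constructed scenario: the sender is configured to log to this collector.
CONFIGURED_COLLECTOR = "logs.example.net"
# Stand-in for reverse DNS answers (documentation address ranges).
REVERSE_ZONE = {
    "192.0.2.10": "logs.example.net.",
    "198.51.100.7": "host7.example.org.",
}
INTENDED_PEER = {"ip": "192.0.2.10", "dns_names": ["logs.example.net"]}
OTHER_PEER = {"ip": "198.51.100.7", "dns_names": ["*.example.org"]}


def evaluate(peer):
    """Run both checks against one peer and report which ones accept it."""
    return {
        "configured": check_configured_name(CONFIGURED_COLLECTOR, peer["dns_names"]),
        "ptr": check_ptr_name(peer["ip"], REVERSE_ZONE.get, peer["dns_names"]),
    }
```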