tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: SoC: Improve syslogd



On Mon, May 26, 2008 at 10:20 PM, Joerg Sonnenberger
<joerg%britannica.bec.de@localhost> wrote:
> On Mon, May 26, 2008 at 09:59:39PM +0200, Rainer Gerhards wrote:
>> The standard demands that each server is
>> authenticated. It doesn't demand that operators really use that, but
>> the implementation must support it and do so by default.
>
> That's fine. I mean that each host running syslogd has a single
> certificate to authenticate itself to others. That should be good enough
> for most purposes.

I fully agree. The rest should be very special cases.

>> Is it actually the only TLS library or is it the default one (so no
>> GnuTLS or NSS)?
>
> NetBSD provides out-of-the-box only OpenSSL and is unlikely to change
> that. For practical purposes, OpenSSL is by far the most important
> library to worry about here.

OK, good to know. Looks like I am up for another stream driver. Maybe
I hold that until Martin has done his implementation, I guess that
makes things easier :) As rsyslog is an add-on, I am currently fine
with the requirement to add another add-on in order to get it go. But
the stream driver concept was introduced to take care of different
operating system's default TLS library, and this now seems to pay of.

Rainer


Home | Main Index | Thread Index | Old Index