Transport Layer Security (TLS) Transport Mapping for Syslog
Note: This ballot was opened for revision 14 and is now closed.
(Jari Arkko) Yes
(Pasi Eronen) Yes
(Ron Bonica) No Objection
(Ross Callon) No Objection
(Lars Eggert) (was Discuss) No Objection
(Russ Housley) No Objection
(Cullen Jennings) No Objection
(Chris Newman) (was Discuss) No Objection
I find it to be bad design that every time we bind TLS to a particular protocol we have to duplicate lots of text about server identity checks, domain name matching, etc. Often these texts vary slightly in ways that are unimportant to the underlying problem but will cause operator/administrator consternation for no technical benefit. This particular instantiation has some very good text about certificate handling that probably belongs in all the other instances of this problem, so I would strongly encourage the authors to contribute to draft-hodges-server-ident-check One thing that could be added to the certificate handling text to improve it further is a requirement to support importing new trust anchors and/or removing or disabling any built-in trust anchors.
(Tim Polk) No Objection
Comment (2008-08-12 for -)
In section 5.5: s/(as described in Sections 5.2 and 5.3)/(as described in Sections 5.3 and 5.4)/