> It is questionable whether we should "roll our own" crypto...mandate the use
> of SSL or IPsec. Not using existing crypto means you have to get the crypto
> right and then you've got X.509 issues, etc. Time is better spent elsewhere
> - other people have already "solved this", lets stop reinenting the wheel.
I did not follow the syslog-sec discussion for a while, am just on the list to
make sure that when something interesting comes by I read it. I am however
quite heavily involved in x.509 issues, and would like to second this opinion.
Please don't reinvent the crypto-stuff that has already been invented in for
example the SSL and the SSH protocols. Just make sure the standard available
stuff fits in.
Jan
