Now, I support Albert's proposal. Given on the fact we tackle #8, we should not allow that a fragment will be further fragmented by syslog-international or whatever. This would open up a lot of problems. As such, -sign messages should NOT use option 3 from issue #8 (oversize messages). As such, the block can not be any longer than 999 bytes and 1*3DIGIT is fine. In fact, it even saves us from some potential attack vectors.
So my vote: change the range to "1-3". Rainer > -----Original Message----- > From: Chris Lonvick [mailto:[EMAIL PROTECTED] > Sent: Friday, September 12, 2003 4:35 PM > To: [EMAIL PROTECTED] > Subject: Issue 6: Fragment Length - Still needs review > > > Issue 6: Fragment Length > http://www.employees.org/~lonvick/draft-ietf-syslog-sign-12.ht > ml#fraglen > > From Archive: > http://www.mail-archive.com/syslog-sec%40employees.org/msg01229.html > > Albert suggests changing the value from "1-4 characters" to "1-3" > since the payload of a syslog Certificate Block will be less than > 999 characters -taking out the length of the PRI, TIMESTAMP and > HOSTNAME. Anyone have any problems with this? > > STATUS: Deferred until we resolve Issue 8 > > From the Archive: > http://www.mail-archive.com/syslog-sec%40employees.org/msg01246.html > > >
