Hi WG,

we have begun working on a signature verifier for -sign-12 (thanks to Albert's work, we have something to verify:)).

We have come across an issue with online verification. -sign-12 tells about redundancy parameters in section 5. Among others, they specify when a resend should occur. However, what I didn't find is any definition of the time period within which a signature block should follow a plain syslog message.

Let's assume I am doing online verification because I would like to trigger some actions in near-realtime and I would like to make sure that the message I am acting on is authentic. So if I receive a message from a remote host, I must wait until I receive the signature block with the hash for this message. It could be infinite until this happens. I guess that most emitters will send signature blocks in a reasonable amount of time, but it is not specified.

I propose we add some wording on WHEN a signature block must be emitted at the latest to facilitate online verification.

Other than that, I think the main use will be offline verification (even after years) - we are probably better off with 3195 & TLS & SASL than with doing online verification. Is this the spirit of -sign?

Any clarification is appreciated.

Rainer
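The wait described in the message above, as an added sketch that is not code from the post or from the draft: an online verifier holds each message until a signature block carries its hash, and needs a deadline to decide when to stop waiting. Assumptions: SHA-256 as the hash, `max_wait` as a locally chosen policy value (the draft defines none), block signatures already checked by the caller, and all class and method names hypothetical.

```python
import hashlib


class OnlineVerifier:
    """Holds messages until a signature block vouches for their hash."""

    def __init__(self, max_wait):
        # Local policy in seconds; the draft gives no upper bound to use here.
        self.max_wait = max_wait
        self.pending = []  # entries: (arrival_time, digest, message)

    def on_message(self, message, now):
        # A plain syslog message arrives: it may not be acted on yet.
        digest = hashlib.sha256(message).digest()
        self.pending.append((now, digest, message))

    def on_signature_block(self, hashes):
        # 'hashes' come from a block whose own signature was already verified.
        # Hashes with no pending message (for example redundant resends of
        # an earlier block) match nothing and are ignored.
        vouched = set(hashes)
        released = [m for _, d, m in self.pending if d in vouched]
        self.pending = [e for e in self.pending if e[1] not in vouched]
        return released  # safe to act on now

    def expire(self, now):
        # Messages whose block did not arrive within max_wait. Without a
        # specified emission deadline this says "late", not "forged".
        late = [m for t, _, m in self.pending if now - t > self.max_wait]
        self.pending = [e for e in self.pending if now - e[0] <= self.max_wait]
        return late


def demo():
    # Constructed sample traffic: two messages, one block covering only m1.
    verifier = OnlineVerifier(max_wait=30.0)
    m1 = b"<34>host app: link down"
    m2 = b"<34>host app: link up"
    verifier.on_message(m1, now=0.0)
    verifier.on_message(m2, now=5.0)
    released = verifier.on_signature_block([hashlib.sha256(m1).digest()])
    late = verifier.expire(now=40.0)
    return released, late, len(verifier.pending)
```

With a sender-side bound on block emission, `max_wait` could be derived from it and an expired message would be a meaningful signal; without one, the verifier cannot tell a slow sender from a missing signature.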