Re: [Echelog-devel] About certificate

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Thu, Feb 20, 2003 at 09:53:15AM +0100, Benoit DOLEZ wrote:
> Hi,
> 
> Why do you need ip addresses of the echelog sender in the receiver conf?
> Do certificates not be sure to identify sender?
> 
> I can't use it for DHCP client.
> 
> Benoit

This is to avoid possible overwhelming by invalid requests. It is easier
to drop all unwanted packets that to examine all certificates on
incoming connections.

Maybe this should be changed to a range/list of ip-adresses (thus allow
DHCP subnets). The receiver should be also able to drop messages
(comming from a trusted host) with a forged host_id header record.

But I think such proposal would need more detailed discussion. 
Any idea from outer space (or other developers ;)?

Kamil