[Babel-users] babeld-2.0

Juliusz Chroboczek Juliusz.Chroboczek at pps.jussieu.fr
Thu Apr 22 17:43:40 UTC 2010


> ... but you gotta tackle things one piece at a time.

Yep.  My current interest is working on frequency diversity -- something
that Benjamin Henrion has shown can dramatically improve the throughput
in a mesh network.  It's far from trivial, either from a theoretical
or implementation point of view, which makes it particularly interesting
for me.

So do not expect me to work on security at any time soon (or ever).
However, I'd be glad to discuss such issues with you if you want to work
on them.

> and secure OSPF under ipv6 requires (shudder) IPsec in order to work.

Shouldn't it be possible to run Babel over IPsec in just the same way as
OSPF?  I don't see anything that would make Babel any different than
OSPF in that respect.

But I agree with you -- invoking IPsec to solve all network-layer
security issues was fashionable in the late nineties and early
noughts[1], but it turns out to be next to impossible in practice (blame
the IPsec people[2]).  We're now back to the previous style of including
security provisions in the protocol itself.

So what about Babel?  Designing a hop-to-hop security extension should
be fairly easy, whether you want to do something trivial with symmetric
keys, or something more exciting similar to SeND (but using the
router-id, rather than the IPv6 address, to embed the public key).  What
would really be interesting would be some form of end-to-end security,
similar to SBGP, but I'm not sure that can be done without bloating the
protocol.

Of course, securing all of your traffic at the link layer might solve
all of your issues with less pain...

                                        Juliusz

[1] See RFC 2080 Section 4 for the canonical example.

      http://tools.ietf.org/html/rfc2080#section-4

[2] It's always made me wonder how working on security tends to turn
    formerly reasonable people into fascist pigs with read-only minds[3].

[3] Yes, I'm still sore about the deprecation of RH0.


