[Babel-users] wireshark support for babelz, rtt, subtlvs, timestamps, tspc, hmac, and source specific tlvs
Denis Ovsienko
denis at ovsienko.info
Tue Apr 7 08:40:52 UTC 2015
- Previous message: [Babel-users] wireshark support for babelz, rtt, subtlvs, timestamps, tspc, hmac, and source specific tlvs
- Next message: [Babel-users] wireshark support for babelz, rtt, subtlvs, timestamps, tspc, hmac, and source specific tlvs
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
>Side note: A "feature" that I would like is the ability to only accept
>authenticated default routes. Could that be done in a topology like
>this:
>
>gw - routerA-withauth - routerB - routerC - routerD-wantsauth
Unfortunately no, this is too much different from RFC 7298, in which authentication is a per-interface set of requirements. Based on each direct neighbour's ability to satisfy those requirements the neighbour's packets make (or don't make) it into the scope of the Babel protocol instance. The authentication layer does not spell smaller non-authentication data items of the packet like individual routes.
Also the diagram above would require a security model that manages to keep things safe with untrusted speakers in between (here you would need an advice from somebody experienced with the problem stated this way).
--
Denis Ovsienko
- Previous message: [Babel-users] wireshark support for babelz, rtt, subtlvs, timestamps, tspc, hmac, and source specific tlvs
- Next message: [Babel-users] wireshark support for babelz, rtt, subtlvs, timestamps, tspc, hmac, and source specific tlvs
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the Babel-users
mailing list