[Babel-users] [babel] HMAC Key rotation key format (was ripemd)
Markus Stenberg
markus.stenberg at iki.fi
Tue Dec 4 18:33:39 GMT 2018
For interconnected domains and whatever, I would rather just use DTLS with relatively shortlived and auto-renewed certs (real-time revocation is hard to do if you are authenticating routing - chicken 'n' egg problem; one alternative is of course some sort of manual blacklisting if you want to go with long-lived certs).
If HNCP is in picture, DNCP trust based consensus model is also an option - with it, (self-signed) certificates can have long lifetime as their usefulness is determined by consensus of nodes -> as long as there's only few compromised nodes, you can blacklist them in real time if you control the rest of the nodes.
Cheers,
-Markus
More information about the Babel-users
mailing list