[Babel-users] [babel] BASE64 and hex encoding HMAC keys for user presentation
Juliusz Chroboczek
jch at irif.fr
Sun Dec 23 20:40:10 GMT 2018
>> I think that the HMAC key should be generated automatically. I'd hope
>> that any actual production deployment of HMAC would generate HMAC keys
>> either randomly or by using a suitable KDF (or whatever the right acronym
>> is) and distribute it automatically.
> Should we pick a KDF? Not necessarily for the RFC, but at least try to
> get compatibility between bird and babeld, so users can just input a
> password and expect things to work?
I think we might need more deployment experience before we can answer that.
At this early stage, however, I wouldn't expect the master key to be
distributed -- the KDF would be applied to the master key on a central
node, and the derived secret is what gets distributed to the babeld and
BIRD instances. So having a common syntax for the HMAC secret should be
good enough.
-- Juliusz
More information about the Babel-users
mailing list