[Babel-users] [babel] BASE64 and hex encoding HMAC keys for user presentation
Toke Høiland-Jørgensen
toke at toke.dk
Mon Dec 24 22:08:56 GMT 2018
Juliusz Chroboczek <jch at irif.fr> writes:
>>> I think that the HMAC key should be generated automatically. I'd hope
>>> that any actual production deployment of HMAC would generate HMAC keys
>>> either randomly or by using a suitable KDF (or whatever the right acronym
>>> is) and distribute it automatically.
>
>> Should we pick a KDF? Not necessarily for the RFC, but at least try to
>> get compatibility between bird and babeld, so users can just input a
>> password and expect things to work?
>
> I think we might need more deployment experience before we can answer that.
>
> At this early stage, however, I wouldn't expect the master key to be
> distributed -- the KDF would be applied to the master key on a central
> node, and the derived secret is what gets distributed to the babeld and
> BIRD instances. So having a common syntax for the HMAC secret should be
> good enough.
Fair enough :)
-Toke
More information about the Babel-users
mailing list