[Babel-users] How to provision crypto keys
Juliusz Chroboczek
jch at irif.fr
Thu Jun 7 15:32:00 BST 2018
Dear all,
Clara Dô and Weronika Kołodziejak, in copy of this mail, are currently
working on adding symmetric authentication (à la RFC 7298) to babeld.
We're wondering how to provision the keys.
My current choice would be have a new configuration statement
hmac 1 sha1 bcd329fa7d180067709a03ae1e61f9b2485f3df8
where « 1 » is the key slow (multiple keys are possible), « sha1 » is the
kind of HMAC being used, and bcd... is the key itself. A key can be
deleted using
hmac 1 none
So:
- keys can be provisioned in a config file;
- key rotation can be done over the control socket;
- the entity doing key provisioning must track correlation between keys
and key slots.
Any better ideas?
-- Juliusz
More information about the Babel-users
mailing list