[Babel-users] key rotation take #2
Toke Høiland-Jørgensen
toke at toke.dk
Wed Nov 28 12:09:05 GMT 2018
Dave Taht <dave at taht.net> writes:
> so we invent a new keyword "serial".

So what you're trying to express here is the notion of a "receive-only"
key that is not used for signing outgoing packets, right? If so, I think
it would be better to express that explicitly as a property of the key
config that can be changed on a per-key basis. For one thing, 'serial'
is misleading as it sounds like something that affects the wire format,
and for another, with your proposal it becomes difficult to re-instate a
previously retired key (say, if you want to restore connectivity to an
old router that dropped off while you were changing keys).
-Toke
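
The per-key property suggested in the message above, sketched as an added example (not part of the original post and not Babel or babeld code). The `Key.send` flag, the `Keyring` class, the key names and secrets, the use of HMAC-SHA256, and one MAC per send-enabled key are all assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Key:
    name: str          # hypothetical key identifier
    secret: bytes      # constructed sample secret
    send: bool = True  # False = receive-only: verify with it, never sign with it


class Keyring:
    def __init__(self, keys):
        self.keys = {k.name: k for k in keys}

    def set_send(self, name, send):
        # Per-key toggle: retiring and re-instating a key is the same operation.
        self.keys[name].send = send

    def sign(self, packet):
        # One MAC per send-enabled key; receive-only keys are skipped.
        return [hmac.new(k.secret, packet, hashlib.sha256).digest()
                for k in self.keys.values() if k.send]

    def verify(self, packet, macs):
        # Any configured key, send-enabled or receive-only, may validate.
        for k in self.keys.values():
            expected = hmac.new(k.secret, packet, hashlib.sha256).digest()
            if any(hmac.compare_digest(expected, m) for m in macs):
                return True
        return False


def rotation_demo():
    old, new = b"constructed-old-secret", b"constructed-new-secret"
    pkt = b"constructed hello packet"
    legacy = Keyring([Key("old", old)])  # router that dropped off before the change
    a = Keyring([Key("old", old, send=False), Key("new", new)])
    b = Keyring([Key("old", old, send=False), Key("new", new)])
    out = {}
    out["rotated_peers"] = b.verify(pkt, a.sign(pkt))         # new key both ways
    out["legacy_heard"] = a.verify(pkt, legacy.sign(pkt))     # old key still accepted
    out["legacy_hears_us"] = legacy.verify(pkt, a.sign(pkt))  # we no longer sign with old
    a.set_send("old", True)                                   # re-instate the retired key
    out["after_reinstate"] = legacy.verify(pkt, a.sign(pkt))
    out["macs_after_reinstate"] = len(a.sign(pkt))
    return out
```
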