[Babel-users] [babel] HMAC Key rotation key format (was ripemd)

Ted Lemon mellon at fugue.com
Thu Nov 29 18:55:46 GMT 2018


On Thu, Nov 29, 2018 at 1:14 AM Dave Taht <dave at taht.net> wrote:

> Mahesh Jethanandani <mjethanandani at gmail.com> writes:
> > A draft that proposed pair-wise key management was proposed here. It
> > does not address the question of timestamp, but is something that
> > could be exchanged as part of key rollover to allow routers to
> > calculate the delta. Including the original authors of the draft.
>
> I'm sorry but adding this level of complexity is not in the cards
> from my perspective. Layering key exchange over a different out of band
> medium, being a slip of paper, a telephone call, ssh or https seems
> saner.


FWIW, for homenet the thought was to use HNCP to distribute keys amongst
routers. This doesn't solve the general problem, but illustrates your
point, Dave, that this is something that can be provisioned out of band.
(In the HNCP case we're talking about public keys for DTLS, not shared
secrets, of course). This seems like a better choice than a complicated
pairwise key management strategy for HMAC.