[Babel-users] [babel] Reworked implementation of HMAC authentication

[STARK, BARBARA H]

> >> - we don't support key rotation.
> 
> > Sigh.
> 
> The data structures are designed so it'll be easy, the problem is designing an
> understandable user interface.  Given the following interface
> declaration:
> 
>     interface eth0 hmac key1
> 
> what does the following mean?
> 
>     interface eth0 hmac key2
> 
> Does it add key2 to the set of keys associated with eth0, or does it override
> the current value?  I'm afraid that either will cause confusion.
> 
> I'm considering keeping the set of keys associated with an interface static,
> and allowing key rotation by redefining existing keys.  So you'd say
> 
>     interface eth0 hmac key1 hmac key2
>     key id key1 type sha256 value ...
>     key id key2 type none
> 
> and do key rotation by saying
> 
>     key id key2 type sha256 value ...
>     key id key1 type none
> 
> I'll look at Barbara's information model, the must be some insights there.

Oh, no. That doesn't sound good. I try to stay out-of-sight and not in sight. I don't want to incite rebellion.

The info model has the flags that say whether or not a key is used for signing (or validating). A key can be "disabled" by setting the flags to "false" to indicate it's not used for anything. And keys can be added/deleted.
There is still an open question about design of the hmac and dtls parts of the model, as to whether an interface can be listed in multiple instances and keys would be additive for an interface across all such instances. Which is to say, some change is still possible.
Barbara