[Babel-users] [babel] Reworked implementation of HMAC authentication

[Juliusz Chroboczek]

> The info model has the flags that say whether or not a key is used for
> signing (or validating). A key can be "disabled" by setting the flags to
> "false" to indicate it's not used for anything. And keys can be added/deleted.

There's a number of indirections in the information model, and I'm not
sure whether I should be mirrorring that in the config file format:

  interface -> security-obj -> credential-obj -> cred

The model used by babeld's config file is way simpler:

  interface -> key

There are two questions that I need to think about (and any contributions
from y'all will be considered carefully before they are discarded):

  1. How much flexibility am I giving up by having just one level of
     indirection instead of three ?

  2. What's the right syntax for dynamically updating the credentials that
     is both powerful and understandable by the smart but overworked system
     administrator?

Concerning point (1), there are no further constraints.  Concerning point (2),
I insist on (a) the syntax being LL(1), and (b) any statement used for
dynamic reconfiguration is also valid in the static configuration file
(but not necessarily the other way around).

I shall grok further, until fullness comes.

-- Juliusz