[Babel-users] [babel] Reworked implementation of HMAC authentication

Toke Høiland-Jørgensen toke at toke.dk
Tue Mar 12 09:00:24 GMT 2019


Juliusz Chroboczek <jch at irif.fr> writes:

>> The info model has the flags that say whether or not a key is used for
>> signing (or validating). A key can be "disabled" by setting the flags to
>> "false" to indicate it's not used for anything. And keys can be added/deleted.
>
> There's a number of indirections in the information model, and I'm not
> sure whether I should be mirroring that in the config file format:
>
>   interface -> security-obj -> credential-obj -> cred
>
> The model used by babeld's config file is way simpler:
>
>   interface -> key
>
> There are two questions that I need to think about (and any contributions
> from y'all will be considered carefully before they are discarded):
>
>   1. How much flexibility am I giving up by having just one level of
>      indirection instead of three?

FWIW, Bird will also use the simpler mechanism (a key is part of the
iface config). But the Bird reload semantics is only "re-read the entire
config", so doesn't have the same dynamic reconfig issues...

-Toke


