[Babel-users] [babel] Reworked implementation of HMAC authentication
Juliusz Chroboczek
jch at irif.fr
Tue Mar 12 23:10:23 GMT 2019
> So, currently, as defined, both HMAC and DTLS are global. Based on what
> I am reading here, it appears that is not what was intended. So I will
> join Barbara in saying we do not want to cause a rebellion by suggesting
> something totally radical here :-)
> BTW, do we want to maintain the ability to have a global config for security
> such that it applies to all interfaces?
What happens when a new interface is added to an existing configuration?
With a global configuration, it is automatically and hopefully atomically
configured with the global configuration. Without a global configuration,
the new interface might be created with a default security configuration,
which might (or might not) constitute a security hole.
Both of our security protocols have two properties:
1. the ability to have multiple credentials configured on a single
interface at the same time;
2. the ability to have different sets of credentials on different
interfaces.
The first property is what allows incremental key rotation (add the new
key, which might involve climbing trees, then remove the old key, which,
again, might involve visiting your local hospital's emergency room after
you fell off from a ladder).
The second property is what enables interconnection of routing domains
managed by different administrative entities -- you probably don't want to
share your domain's private keys, so the peering link would most probably
use a different set of credentials. This is particularly critical for
HMAC, which only supports symmetric keying.
I think that these are important properties, and they should be reflected
in the YANG model.
-- Juliusz
More information about the Babel-users
mailing list