[Babel-users] [babel] Reworked implementation of HMAC authentication

[Juliusz Chroboczek]

>> The second property is what enables interconnection of routing domains
>> managed by different administrative entities -- you probably don't want to
>> share your domain's private keys, so the peering link would most probably
>> use a different set of credentials.  This is particularly critical for
>> HMAC, which only supports symmetric keying.

> Hmm. Can the two domains use certs/asymmetric keys to send the symmetric
> key obtained by one end, in a secure fashion to the partner domain?

Sure.  One could for example copy the key over ssh, or use a dedicated
key agreement protocol.

But that's obviously outside the scope of the Babel protocol.

-- Juliusz