[Babel-users] MAC auth. for Babel in babeld
Juliusz Chroboczek
jch at irif.fr
Wed Sep 23 16:51:38 BST 2020
>> - I think the configuration is a bit verbose. This was the minimal
>> config I needed to enable MAC in babeld:
>>
>> key name test algorithm hmac-sha256 value
>> 7465737474657374746573747465737474657374746573747465737474657374 use
>> both
>> keyset test
>> keyset-add-key test test
>> interface veth0 mac true add-keyset test
>>
>> The two middle lines feel like they are a bit redundant; could we go
>> without them for simple configs?
> You’re right; at least the line `keyset test` can go, keysets are now
> implicitly created. I don’t see how I can further simplify without
> losing the idea that interfaces may share keysets and keysets may
> share keys.
Hmm... let's discuss the following ideas:
- make "use both" optional;
- rename "add-keyset" to just "keyset";
- rename "keyset-add-key" to just "add-key";
- allow the interface configuration to say "key", in which case we
internally create an anonymous keyset with just one key.
This would make the minimal configuration be just:
key name mykey algorithm hmac-sha256 value xxx
interface veth0 mac true key mykey
More information about the Babel-users
mailing list