[Babel-users] MAC auth. for Babel in babeld
Juliusz Chroboczek
jch at irif.fr
Mon Sep 28 16:30:59 BST 2020
> You could simply reject 'mac true' if no key is configured (i.e., reject
> interface bring-up or reconfig, as appropriate depending on context).
Suppose you were running Babel together with a keying daemon. Say, one
that periodically performs an authenticated supersingular isogeny
Diffie-Helman exchange and then feeds the resulting key to the Babel
daemon.
You could of course delay starting the Babel daemon until you got yourself
a non-empty set of keys, but wouldn't it be more robust to start Babel in
authenticated mode with no keys (which would cause it to drop packets) and
then incrementally feed it keys as they are learned?
-- Juliusz
More information about the Babel-users
mailing list