[Babel-users] MAC auth. for Babel in babeld

[Juliusz Chroboczek]

> You could simply reject 'mac true' if no key is configured (i.e., reject
> interface bring-up or reconfig, as appropriate depending on context).

Suppose you were running Babel together with a keying daemon.  Say, one
that periodically performs an authenticated supersingular isogeny
Diffie-Helman exchange and then feeds the resulting key to the Babel
daemon.

You could of course delay starting the Babel daemon until you got yourself
a non-empty set of keys, but wouldn't it be more robust to start Babel in
authenticated mode with no keys (which would cause it to drop packets) and
then incrementally feed it keys as they are learned?

-- Juliusz