[Babel-users] Babel-MAC merged into master

Dave Taht dave.taht at gmail.com
Sun May 30 23:40:18 BST 2021


thx so much!

Do you have a good time to discuss our testing options via
videoconference? I happen to be in

https://tun.taht.net:8443/group/bufferbloat

discussing ipv6 and starlink related testing right now, and should be
there much of the day, most of the time. Let me know a good time.

My biggest issue, after this, was somehow getting all of babel to work
over unicast tunnels.

On Sun, May 30, 2021 at 1:53 PM Juliusz Chroboczek <jch at irif.fr> wrote:
>
> Dear all,
>
> I've just merged the hmac branch into master, that implements MAC
> authentication for Babel (RFC 8967).  Many, many thanks to Antonin Décimo,
> who did a lot of the work needed to clean up the code for inclusion in
> babeld.
>
> Here's an example configuration:
>
>   key id k type hmac-sha256 value aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
>   interface wlan0 key k
>
> The "key" statement defines a key called "k".  The interface statement
> "key" option requests that packets be signed with key "k", and that all
> incoming packets be verified with the key.
>
> I've checked interoperability with Bird for key type "hmac-sha256".
> I wasn't able to confirm interoperability for key type "blake2s", I still
> need to understand what's the problem.
>
> There's one major feature I haven't merged yet, it's support for key
> rotation: only one key is supported, and you cannot change keys at
> runtime.  Antonin did implement these features, but I find his
> implementation confusing, so I'll wait until grokking comes.
>
> While the protocol has been proved correct, we make no claims beyond the
> ones in RFC 8967 Section 1.2; please make sure that you understand the
> protocol's limitations.  What is more, while we have tried to be careful,
> this code is experimental and might have bugs.  In addition, we only
> secure the Babel control traffic: ARP, ND, ICMP and of course user traffic
> need to be secured by other means.
>
> Please test, and send complaints and patches.
>
> -- Juliusz
>
> _______________________________________________
> Babel-users mailing list
> Babel-users at alioth-lists.debian.net
> https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users



-- 
Latest Podcast:
https://www.linkedin.com/feed/update/urn:li:activity:6791014284936785920/

Dave Täht CTO, TekLibre, LLC



More information about the Babel-users mailing list