Has this been discussed to any extent?

* Problem A) babeld cannot regenerate the entire config file (?). Nor do you really want to, given dynamic configuration on the command line and via the telnet interface, and multiple conf files supported.

Plan A: Have a new file named babel.keys that you can write to or be written dynamically. Put keys in there. As many as you want.

* Problem B) Key rotation itself is hairy.

1) You want to keep a key around for a while in case some old speaker comes online that was offline when you did the update
2) You want to upgrade everybody as fast as possible to the new key so you only have to hash once as soon as everybody has flipped over. Logging that a given speaker is still using an old key would be good. [1]
3) You have to stage the rollover itself so it happens to all routers at nearly the same time
4) You need to eventually retire the key

It's good to think about how dnssec does this: https://kb.isc.org/docs/aa-00822

* Proposal 1: a babel.keys format:

keyname start_date end_date key_type key

Proposal 2: something exactly like dnssec ...

[1] In terms of a convenience feature, I wouldn't mind if one day there was a <hostname>myname</hostname> message, 'cause figuring out fe80::eea8:6bff:fefe:9a2 doesn't have the right key is kind of painful.

--
Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740

_______________________________________________
Babel-users mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
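
An added example, not part of the original message and not babeld code: a sketch of how the Proposal 1 line format could drive the overlap, logging and retirement steps listed under Problem B. The date syntax (YYYY-MM-DD, UTC), the hex key encoding, the `hmac-sha256` key_type value, all function names, and computing the MAC over the bare packet bytes are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Constructed sample (not real secrets): keyname start_date end_date key_type key
SAMPLE = """\
old-2019 2019-01-01 2019-03-01 hmac-sha256 6f6c642d6b65792d6f6c642d6b65792d
new-2019 2019-02-01 2020-02-01 hmac-sha256 6e65772d6b65792d6e65772d6b65792d
"""

def day(text):
    # Assumption: dates are YYYY-MM-DD, interpreted as midnight UTC.
    return datetime.strptime(text, "%Y-%m-%d").replace(tzinfo=timezone.utc)

def parse_keys(text):
    keys = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) != 5 or fields[3] != "hmac-sha256":
            raise ValueError(f"line {n}: want 5 fields with key_type hmac-sha256")
        name, start, end, _, key_hex = fields
        keys.append({"name": name, "start": day(start), "end": day(end),
                     "key": bytes.fromhex(key_hex)})
    return keys

def active_keys(keys, now):
    # Keys inside their validity window, newest start_date first.
    live = [k for k in keys if k["start"] <= now < k["end"]]
    return sorted(live, key=lambda k: k["start"], reverse=True)

def mac(key, packet):
    return hmac.new(key["key"], packet, hashlib.sha256).digest()

def verify(keys, now, packet, tag, peer, log):
    # Try every active key; report peers that have not moved to the newest one.
    live = active_keys(keys, now)
    for k in live:
        if hmac.compare_digest(mac(k, packet), tag):
            if k is not live[0]:
                log.append(f"{peer} still using old key {k['name']}")
            return k["name"]
    log.append(f"{peer}: MAC matches no active key")
    return None
```

During the overlap window both keys verify, so a receiver may compute two MACs per packet; once the old key's end_date passes it drops out of `active_keys` and only one computation remains.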
