>> I think that the HMAC key should be generated automatically. I'd hope >> that any actual production deployment of HMAC would generate HMAC keys >> either randomly or by using a suitable KDF (or whatever the right acronym >> is) and distribute it automatically.
> Should we pick a KDF? Not necessarily for the RFC, but at least try to > get compatibility between bird and babeld, so users can just input a > password and expect things to work? I think we might need more deployment experience before we can answer that. At this early stage, however, I wouldn't expect the master key to be distributed -- the KDF would be applied to the master key on a central node, and the derived secret is what gets distributed to the babeld and BIRD instances. So having a common syntax for the HMAC secret should be good enough. -- Juliusz _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
