Juliusz Chroboczek <[email protected]> writes: >>> I think that the HMAC key should be generated automatically. I'd hope >>> that any actual production deployment of HMAC would generate HMAC keys >>> either randomly or by using a suitable KDF (or whatever the right acronym >>> is) and distribute it automatically. > >> Should we pick a KDF? Not necessarily for the RFC, but at least try to >> get compatibility between bird and babeld, so users can just input a >> password and expect things to work? > > I think we might need more deployment experience before we can answer that. > > At this early stage, however, I wouldn't expect the master key to be > distributed -- the KDF would be applied to the master key on a central > node, and the derived secret is what gets distributed to the babeld and > BIRD instances. So having a common syntax for the HMAC secret should be > good enough.
Fair enough :) -Toke _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
