>> The second property is what enables interconnection of routing domains >> managed by different administrative entities -- you probably don't want to >> share your domain's private keys, so the peering link would most probably >> use a different set of credentials. This is particularly critical for >> HMAC, which only supports symmetric keying.
> Hmm. Can the two domains use certs/asymmetric keys to send the symmetric > key obtained by one end, in a secure fashion to the partner domain? Sure. One could for example copy the key over ssh, or use a dedicated key agreement protocol. But that's obviously outside the scope of the Babel protocol. -- Juliusz _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
