Justin Kilpatrick <[email protected]> writes: >> Hmm... does HMAC alleviate the need for the bottom layer? >> >> https://tools.ietf.org/html/draft-ietf-babel-hmac >> >> (It's implemented, but not merged yet -- I've got two students working on >> making it mergeable.) > > HMAC would resolve the need for the bottom layer. There are advantages to > being able to share keys between the layers though. Not sure I would want to > give up on Wireguard especially since we're so dependent on it for > performance. All this encryption on little passively cooled processors is a > real challenge. > >> It's also only designed to work with link-local addresses, I'm not sure >> how much work it would be to get it work over global addresses. > > Link local is fine. The big kicker for Wireguard is uniqueness.
There have been some discussion of adding multicast support in Wireguard. Never went anywhere (yet), though; but I don't think Jason has ruled it out... -Toke _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
