>> - I think the configuration is a bit verbose. This was the minimal
>> config I needed to enable MAC in babeld:
>>
>> key name test algorithm hmac-sha256 value
>> 7465737474657374746573747465737474657374746573747465737474657374 use
>> both
>> keyset test
>> keyset-add-key test test
>> interface veth0 mac true add-keyset test
>>
>> The two middle lines feel like they are a bit redundant; could we go
>> without them for simple configs?
> You’re right; at least the line `keyset test` can go, keysets are now
> implicitly created. I don’t see how I can further simplify without
> losing the idea that interfaces may share keysets and keysets may
> share keys.
Hmm... let's discuss the following ideas:
- make "use both" optional;
- rename "add-keyset" to just "keyset";
- rename "keyset-add-key" to just "add-key";
- allow the interface configuration to say "key", in which case we
internally create an anonymous keyset with just one key.
This would make the minimal configuration be just:
key name mykey algorithm hmac-sha256 value xxx
interface veth0 mac true key mykey
_______________________________________________
Babel-users mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
