> You could simply reject 'mac true' if no key is configured (i.e., reject > interface bring-up or reconfig, as appropriate depending on context).
Suppose you were running Babel together with a keying daemon. Say, one that periodically performs an authenticated supersingular isogeny Diffie-Helman exchange and then feeds the resulting key to the Babel daemon. You could of course delay starting the Babel daemon until you got yourself a non-empty set of keys, but wouldn't it be more robust to start Babel in authenticated mode with no keys (which would cause it to drop packets) and then incrementally feed it keys as they are learned? -- Juliusz _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
