Juliusz Chroboczek <[email protected]> writes: >> You could simply reject 'mac true' if no key is configured (i.e., reject >> interface bring-up or reconfig, as appropriate depending on context). > > Suppose you were running Babel together with a keying daemon. Say, one > that periodically performs an authenticated supersingular isogeny > Diffie-Helman exchange and then feeds the resulting key to the Babel > daemon. > > You could of course delay starting the Babel daemon until you got yourself > a non-empty set of keys, but wouldn't it be more robust to start Babel in > authenticated mode with no keys (which would cause it to drop packets) and > then incrementally feed it keys as they are learned?
Hmm, not sure I have any opinion about which would be more robust off the top of my head. But I can see your point that someone might implement it that way; and I suppose I could be convinced that such a configuration could be allowed, as long as it fails safe, of course. I think that at least emitting a clear warning on startup would help users avoid the most common configuration errors, though... -Toke _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
