On Sat, Oct 10, 2020, at 23:00, Toke Høiland-Jørgensen wrote: > I guess it's not quite the same as key expiry (as the keys will > technically still be around in the configuration file), but it does make > it possible to have the daemon enforce a time after which they will no > longer be accepted.
On the one hand, it might be convenient to be able to schedule rotations in advance: the downside of having a lifetime is that it's tied to the moment the keying daemon inserts the key into babeld. But on the other hand, it requires a reliable clock which (I think?) babeld has managed to avoid so far. Key expiry is probably preferable. In any case, I don't think it should be made mandatory. Gabriel _______________________________________________ Babel-users mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users
