On Mon, Apr 16, 2012 at 7:34 AM, Juliusz Chroboczek <[email protected]> wrote: > https://groups.google.com/a/hacdc.org/group/Byzantium/browse_thread/thread/360ab7142f7001e5 > > (You'll need to click on "- Show quoted text -" to see the content. > Don't we all love Google Groups?)
Good summary, but I'm not going to post there. I had one lightweight approach to security that hasn't been tried. Use secure ntp (autokey), and increase the weight of routes received from hosts that are not exchanging secure time, to some absurd value (or simply deny those routes) That kills two birds with one stone - securing time itself, with a lightweight crypto protocol, and adding functionality to babel without making too many changes to the daemon. arguably babel's packets would have to be signed... There are undoubtedly further flaws in the idea, not least of which is seeing autokey work. > > -- Juliusz > > _______________________________________________ > Babel-users mailing list > [email protected] > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users -- Dave Täht SKYPE: davetaht US Tel: 1-239-829-5608 http://www.bufferbloat.net _______________________________________________ Babel-users mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
