Purpose of 'generate from/to' and 'accept from/to' for passwords?

Toke Høiland-Jørgensen toke at toke.dk
Mon Jan 20 17:27:34 CET 2020


Hi Bird people

When specifying passwords for protocol authentication in the Bird
config, it is possible to specify time windows in which the password
will be used to sign messages (the 'generate from/to' configuration
options), and a separate time window in which that password will be
accepted to authenticate a packet (the 'accept from/to' options).

My question is this: What is the purpose of having these two time
intervals be separate? I.e., in what deployment scenario is it useful to
have a password be accepted to authenticate a message, without also
using that password to sign outgoing messages?

This question came out of a discussion around whether we should
standardise a similar feature in the Babel RFCs. As you can see I'm
struggling a little to come up with a definite use case:
https://mailarchive.ietf.org/arch/msg/babel/XOahz4fuXXs-nHO4NMGdBwU8AZo

-Toke
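
A simplified model of the two windows described in the message above, added here as an illustration; it is not BIRD code and not part of the original post. The key-selection rule, the half-open intervals, the dates and all names are assumptions. It compares a key list whose accept windows are wider than the generate windows with one where the two coincide, for two routers whose clocks differ by one minute at rollover.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Key:
    key_id: int
    generate: tuple  # (from, to): window in which the key signs outgoing packets
    accept: tuple    # (from, to): window in which the key verifies incoming packets

def within(window, now):
    start, end = window
    return start <= now < end  # assumed half-open interval

def signing_key(keys, now):
    # Assumed rule: sign with the first configured key whose generate window is open.
    return next((k for k in keys if within(k.generate, now)), None)

def delivered(keys, sender_clock, receiver_clock):
    """True if a packet signed at sender_clock verifies at receiver_clock."""
    key = signing_key(keys, sender_clock)
    if key is None:
        return False
    return any(k.key_id == key.key_id and within(k.accept, receiver_clock) for k in keys)

# Constructed rollover at midnight; both routers load the same key list.
T = datetime(2020, 2, 1)
START, END = datetime(2020, 1, 1), datetime(2020, 3, 1)
SLACK = timedelta(minutes=10)

separate = [  # accept windows extend 10 minutes past the generate windows
    Key(1, (START, T), (START, T + SLACK)),
    Key(2, (T, END), (T - SLACK, END)),
]
identical = [  # accept window equals generate window
    Key(1, (START, T), (START, T)),
    Key(2, (T, END), (T, END)),
]

def skew_results(skew=timedelta(minutes=1)):
    # Router A's clock has just passed the rollover; router B's is `skew` behind.
    a = T + timedelta(seconds=30)
    b = a - skew
    return {
        "separate": (delivered(separate, a, b), delivered(separate, b, a)),
        "identical": (delivered(identical, a, b), delivered(identical, b, a)),
    }

if __name__ == "__main__":
    print(skew_results())
```

Each tuple reports whether a packet from A verifies at B and whether a packet from B verifies at A.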

