[babel] Purpose of 'generate from/to' and 'accept from/to' for passwords?
Toke Høiland-Jørgensen
toke at toke.dk
Tue Jan 21 14:37:35 CET 2020
Juliusz Chroboczek <jch at irif.fr> writes:
> Thanks, Ondrej.
>
>> Well, it is requirement of OSPF spec (RFC 2328). I could assume it could
>> help for smoother key transitions when clocks are not perfectly synchronized.
>
> Ah, I see.
>
> OSPF only allows one key in the trailer, so it needs the ability to send
> one key but accept many. Babel-MAC allows multiple keys in the trailer,
> and that ability is therefore not required.
>
> Or am I missing something?
No, I think you're right.
> I have no objection to keeping the ability, since it's pretty trivial to
> implement. No objection to making it optional, since it's not
> particularly useful in Babel-MAC. No objection to removing it altogether,
> since it's good to avoid unnecessary features.
Well, the Bird implementation (which I really should get around to
finishing) is going to re-use the existing config syntax, so that is
going to implement it in any case. I don't have any strong opinions as
to what the spec should say, as long as it doesn't forbid such an option :)
-Toke
More information about the Bird-users
mailing list