Hi Antonin Great to see! A few comments:
> The code has not undergone review. No interoperability testing has > been done. I've done basic interoperability testing with the latest version of my MAC implementation for Babel in Bird. They can successfully exchange messages with both hmac-sha256 and blake2s hash algorithms configured. A few comments/suggestions on the babeld implementation: - You don't enforce a minimum key length. For blake2s this means the key will effectively be zero-padded up to the block size of 32 bytes (not sure what hmac-sha256 does). For Bird I'm enforcing that the key size must match the hash output size (32 bytes for both blake2s and hmac-sha256). This is based on the security considerations section in the draft; should babeld do the same? (this also tripped me up when testing, because I accidentally pasted a truncated key into the babeld config without noticing). - I think the configuration is a bit verbose. This was the minimal config I needed to enable MAC in babeld: key name test algorithm hmac-sha256 value 7465737474657374746573747465737474657374746573747465737474657374 use both keyset test keyset-add-key test test interface veth0 mac true add-keyset test The two middle lines feel like they are a bit redundant; could we go without them for simple configs? -Toke _______________________________________________ Babel-users mailing list Babel-users@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/babel-users