On Oct 25, 2017, at 3:06 PM, Juliusz Chroboczek <j...@irif.fr> wrote:
> 1. You're using a TLV, which means that the TLV parser runs before auth.
> Is this good practice? What about using the packet trailer?

If you aren't using a shotgun parser, it shouldn't matter.

> 2. A number of security mechanisms are being considered for Babel.
> There's Denis' RFC 7557, which you're aware of. The other technique that
> we're working on is the use of DTLS. See point 3.
>
> 3. The main improvement of RFC6126bis over 6126 is the ability to run Babel
> over unicast with no multicast except for discovery (and no multicast at
> all if discovery is done out of band). This makes it possible to use DTLS
> and/or dynamically keyed IPsec to secure Babel. At least some of the
> participants of the Babel WG are in favour of such an approach.

Yup. DTLS is just convenient—it means that it's not necessary to re-invent the wheel.

> 4. It is my understanding that there is consensus in the Babel WG that we
> don't adopt before there is an implementation. That's not to diminish
> your input, just the statement of an (IMHO happy) state of affairs.

That makes perfect sense to me. I don't think the DTLS implementation would be that hard—is there any chance that anyone would be interested in working on this during the hackathon in Singapore? I say "anyone" because I don't want to put you on the spot.

_______________________________________________
homenet mailing list
homenet@ietf.org
https://www.ietf.org/mailman/listinfo/homenet