[Babel-users] About Babel's security
Dave Taht
dave.taht at gmail.com
Mon Apr 16 14:50:03 UTC 2012
On Mon, Apr 16, 2012 at 7:34 AM, Juliusz Chroboczek <jch at pps.jussieu.fr> wrote:
> https://groups.google.com/a/hacdc.org/group/Byzantium/browse_thread/thread/360ab7142f7001e5
>
> (You'll need to click on "- Show quoted text -" to see the content.
> Don't we all love Google Groups?)
Good summary, but I'm not going to post there.
I had one lightweight approach to security that hasn't been tried.
Use secure ntp (autokey), and increase the weight of routes received from hosts
that are not exchanging secure time, to some absurd value (or simply deny those
routes)
That kills two birds with one stone - securing time itself, with a
lightweight crypto protocol,
and adding functionality to babel without making too many changes to the daemon.
arguably babel's packets would have to be signed...
There are undoubtedly further flaws in the idea, not least of which is
seeing autokey work.
>
> -- Juliusz
>
> _______________________________________________
> Babel-users mailing list
> Babel-users at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
--
Dave Täht
SKYPE: davetaht
US Tel: 1-239-829-5608
http://www.bufferbloat.net
More information about the Babel-users
mailing list