[olsr-dev] IPC-Protocol / GUI
Marek Lindner
(spam-protected)
Thu Nov 18 18:51:48 CET 2004
Ignacio García Pérez wrote:
>If you start following that path, you'll end implementing your own
>authentication / encryption scheme, which I believe is not convenient.
>
I agree but we should bother about security and find a convenient solution.
>1- Assume all IPC clients are trusted.
>
>
Not good.
>2- Implement a "only one client can write" mechanism merely as a mean to
>avoid accidental interference between two clients.
>
>
Ok.
>3- If you want security, either:
>
>3.1- Allow restriction of client IPs in the configuration file (yeah, not
>very secure).
>
>
Client IPs and interfaces would be better. ;-)
>3.2- Or use iptables to do so (not very secure too).
>
>
Not very secure and too complicated for the average user.
>3.3- Or use SSL.
>
>
>Regarding the last point, SSL should definitely be a compilation option,
>since it may not be available or convenient in certain platforms. We have
>OpenSSL and dropbear, the second being a lightweight alternative.
>
>
That may be an option.
But can we use the openssl libs on a little device like an WRT ?
Marek
More information about the Olsr-dev
mailing list