[olsr-dev] IPC-Protocol / GUI

Marek Lindner (spam-protected)
Thu Nov 18 18:51:48 CET 2004


Ignacio García Pérez wrote:

>If you start following that path, you'll end implementing your own
>authentication / encryption scheme, which I believe is not convenient.
>

I agree but we should bother about security and find a convenient solution.


>1- Assume all IPC clients are trusted.
>  
>

Not good.


>2- Implement a "only one client can write" mechanism merely as a mean to
>avoid accidental interference between two clients.
>  
>

Ok.


>3- If you want security, either:
>
>3.1- Allow restriction of client IPs in the configuration file (yeah, not
>very secure).
>  
>

Client IPs and interfaces would be better. ;-)


>3.2- Or use iptables to do so (not very secure too).
>  
>

Not very secure and too complicated for the average user.


>3.3- Or use SSL.
>
>
>Regarding the last point, SSL should definitely be a compilation option,
>since it may not be available or convenient in certain platforms. We have
>OpenSSL and dropbear, the second being a lightweight alternative.
>  
>

That may be an option.
But can we use the openssl libs on a little device like an WRT ?


Marek





More information about the Olsr-dev mailing list