[Olsr-dev] olsrd web of trust plug-in
Mon Dec 22 13:50:57 CET 2008
Henning Rogge wrote:
> On Montag 22 Dezember 2008 12:16:03 (spam-protected) wrote:
>> Hi to everybody.
>> I just wanted to tell you that I have developed an olsrd plug-in,
>> based on the secure plug-in, that uses PGP (GnuPG) to sign OLSR
>> packets, and adds routing table entries to different routing tables on
>> a trust basis.
>> The documentation (i.e. my thesis) and the source code can be found here:
> I will look at it, we have played with this idea at work too...
>> It is still in an experimental stage, but I (or somebody here at my
>> university and/or in ninux.org) will be working on it on the following
> I hope you know that doing a single 1024 Bit RSA encryption operation will
> take many milliseconds on embedded hardware. According to my measurements you
> can do ~70 encryptions per second on a Nokia N810 (which has a 400 Mhz CPU)
> and ~200 decryptions.
Has anyone taken a look at using IPSec? The most recent kernel has support for the ixp4xx crypto engine,  and the patch submitter uses it for IPSec . My VPN experience started with SSH adding tun/tap, then I moved to openvpn (UDP works _much_ better). I'm still trying to find the time to build a small IPSec setup for testing.
I just haven't had the time to figure out how it would apply to olsrd. Would you create a VPN to each neighbor (good for backbone meshes where users don't have olsrd installed), or do point-to-point? Or maybe there's a way to do hybrid?
> Unless you plan to use desktop CPUs you will be limited to very small
This is the only reason I'm considering IPSec, despite it's complexity, hardware acceleration would make embedded applications possible.
 - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=history;f=drivers/crypto/ixp4xx_crypto.c;h=2d637e0fbc038df28dbfbff2d342b89edf6db4a4;hb=HEAD
 - http://archive.netbsd.se/?ml=openssl-users&a=2008-08&t=8288814
More information about the Olsr-dev