[Olsr-dev] olsrd web of trust plug-in

Jason (spam-protected)
Mon Dec 22 13:50:57 CET 2008 

Henning Rogge wrote:
> On Montag 22 Dezember 2008 12:16:03 (spam-protected) wrote:
>> Hi to everybody.
>> I just wanted to tell you that I have developed an olsrd plug-in,
>> based on the secure plug-in, that uses PGP (GnuPG) to sign OLSR
>> packets, and adds routing table entries to different routing tables on
>> a trust basis.
>>
>> The documentation (i.e. my thesis) and the source code can be found here:
>> http://hg.ninux.org/olsrd-ninux-messy/
>> http://hg.ninux.org/olsrd-ninux-messy/browser/lib/wot
> I will look at it, we have played with this idea at work too...
> 
>> It is still in an experimental stage, but I (or somebody here at my
>> university and/or in ninux.org) will be working on it on the following
>> months.
> I hope you know that doing a single 1024 Bit RSA encryption operation will 
> take many milliseconds on embedded hardware. According to my measurements you 
> can do ~70 encryptions per second on a Nokia N810 (which has a 400 Mhz CPU) 
> and ~200 decryptions.

Has anyone taken a look at using IPSec?  The most recent kernel has support for the ixp4xx crypto engine, [1] and the patch submitter uses it for IPSec [2].  My VPN experience started with SSH adding tun/tap, then I moved to openvpn (UDP works _much_ better).  I'm still trying to find the time to build a small IPSec setup for testing.

I just haven't had the time to figure out how it would apply to olsrd.  Would you create a VPN to each neighbor (good for backbone meshes where users don't have olsrd installed), or do point-to-point?  Or maybe there's a way to do hybrid?  

> 
> Unless you plan to use desktop CPUs you will be limited to very small 
> networks...
>

This is the only reason I'm considering IPSec, despite it's complexity, hardware acceleration would make embedded applications possible.

thx,

Jason.

[1] - http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=history;f=drivers/crypto/ixp4xx_crypto.c;h=2d637e0fbc038df28dbfbff2d342b89edf6db4a4;hb=HEAD
[2] - http://archive.netbsd.se/?ml=openssl-users&a=2008-08&t=8288814

More information about the Olsr-dev mailing list