[Olsr-dev] olsrd web of trust plug-in

(spam-protected) (spam-protected)
Mon Dec 22 14:11:58 CET 2008


On Mon, Dec 22, 2008 at 1:25 PM, Henning Rogge <(spam-protected)> wrote:
> Just as a comment, I DON'T want to spoil your work, we have worked on similar
> stuff at work... but there are a few problems I would like to share. Maybe we
> can create an even better idea together.

Yes, that would be great!

> On Monday 22 December 2008 13:21:31 you wrote:
>> Yes, I am aware of this. As with this approach signature messages only
>> travel one hop,
> That's dangerous for security... you just need two attackers (or one attacker
> which simulates two or more nodes) to insert forged packages into a legal
> network.  (I'm talking about an insider attacker, who owns a single legal node
> of the network)

Could you explain your point better? As long as the nodes are not
compromised, forging a packet without the private key is almost
impossible, because between neighbors a timestamp-exchange is
performed to prevent replay attacks. If you are instead talking about
a trusted user that starts acting maliciously, that may be seen as a
flaw in the trust model. Anyway, I still don't see how this is related
to hop-by-hop signatures.


>> to solve the problem we are planning to use session
>> keys and multiple symmetric signature messages based on those session
>> keys.
> Yes, that is a possibility, I know... the packages will just grow larger
> proportional to the number of 1-hop neighbors.

Yes... I also heard (as others on this list) that many vendors are
planning to include RSA-capable chips on embedded devices.

Bye,
Clauz
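
The per-neighbor symmetric scheme discussed in this message, as an added sketch that is not code from olsrd or from the plug-in: the sender appends one HMAC tag per 1-hop neighbor, so overhead grows linearly with the neighbor count. The packet layout, 4-byte node IDs, 16-byte truncated HMAC-SHA256 tags and the 30-second freshness window (standing in for the timestamp exchange) are all assumptions.

```python
import hashlib
import hmac
import struct

ID_LEN = 4      # assumed: node ID is a 4-byte main address
TAG_LEN = 16    # assumed: HMAC-SHA256 truncated to 16 bytes
HDR_LEN = 6     # assumed header: 4-byte timestamp + 2-byte tag count
MAX_SKEW = 30   # assumed freshness window in seconds

def tag_for(key, sender, timestamp, payload):
    """MAC over sender ID, timestamp and payload with one pairwise session key."""
    msg = sender + struct.pack("!I", timestamp) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]

def overhead(neighbor_count):
    """Bytes added to each packet; linear in the number of 1-hop neighbors."""
    return HDR_LEN + neighbor_count * (ID_LEN + TAG_LEN)

def sign_for_neighbors(sender, payload, timestamp, session_keys):
    """Build header + one (neighbor ID, tag) entry per neighbor + payload."""
    trailer = b"".join(
        nid + tag_for(key, sender, timestamp, payload)
        for nid, key in sorted(session_keys.items())
    )
    return struct.pack("!IH", timestamp, len(session_keys)) + trailer + payload

def verify(packet, sender, my_id, my_key, now):
    """Return the payload if our own tag is valid and fresh, else None."""
    if len(packet) < HDR_LEN:
        return None
    timestamp, count = struct.unpack("!IH", packet[:HDR_LEN])
    entry = ID_LEN + TAG_LEN
    end = HDR_LEN + count * entry
    if len(packet) < end or abs(now - timestamp) > MAX_SKEW:
        return None  # truncated packet, or stale timestamp (possible replay)
    payload = packet[end:]
    for off in range(HDR_LEN, end, entry):
        if packet[off:off + ID_LEN] == my_id:
            expected = tag_for(my_key, sender, timestamp, payload)
            got = packet[off + ID_LEN:off + entry]
            return payload if hmac.compare_digest(got, expected) else None
    return None  # no tag addressed to us: sender does not list us as neighbor
```
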



