[Olsr-dev] olsrd web of trust plug-in
Mon Dec 22 17:40:17 CET 2008
Henning Rogge wrote:
> The problem of securing OLSR-traffic is to authentificate netwide broadcast
> floods... you cannot do this easily with symmetric algorithm if you Want to
> protect against an insider attacker.
What about putting the encryption beneath the olsr/network traffic? eg. olsrd establishes a layer-2 VPN (IPSec, OpenVPN, NULL, whatever) with each 0-hop neighbor. Then olsr traffic, network traffic, broadcast, multicast and unicast run inside it. A poor-mans version would be to manually setup static openvpn (UDP tap) links to each zero hop neighbor, then run olsrd on the tap interfaces.
I imagine the plugin would purely handle starting and stopping vpns as neighbors appear and disappear. I'm kind of thinking out loud here, and this is beginning to sound a lot like WPA for mesh. ;-) Of course, this all assumes sufficient horse-power to encrypt/decrypt the traffic.
I've heard OpenVPN can do a "hybrid" mode where each server can be a client as well. I don't know if IPSec has a similar functionality.
Just a thought...
More information about the Olsr-dev