[Olsr-dev] olsrd web of trust plug-in

Jason (spam-protected)
Mon Dec 22 17:40:17 CET 2008


Henning Rogge wrote:
> The problem of securing OLSR-traffic is to authenticate netwide broadcast 
> floods... you cannot do this easily with a symmetric algorithm if you want to 
> protect against an insider attacker.

What about putting the encryption beneath the olsr/network traffic? E.g. olsrd establishes a layer-2 VPN (IPSec, OpenVPN, NULL, whatever) with each 0-hop neighbor. Then olsr traffic, network traffic, broadcast, multicast and unicast run inside it. A poor man's version would be to manually set up static openvpn (UDP tap) links to each zero hop neighbor, then run olsrd on the tap interfaces.

I imagine the plugin would purely handle starting and stopping VPNs as neighbors appear and disappear. I'm kind of thinking out loud here, and this is beginning to sound a lot like WPA for mesh. ;-) Of course, this all assumes sufficient horsepower to encrypt/decrypt the traffic.

I've heard OpenVPN can do a "hybrid" mode where each server can be a client as well. I don't know if IPSec has similar functionality.

Just a thought...

Jason.
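
The manual variant described in the message above, as an added example that is not part of the original post: a Python generator that writes one OpenVPN static-key tap config per neighbor link plus the olsrd `Interface` stanza for the tap devices. The network-wide link IDs, the 10.99.0.0/24 pool, the ports, addresses and file names are assumptions.

```python
# Added example, not from the original post. Link IDs, addresses, ports and
# file names are constructed. "secret" is OpenVPN static-key mode, which
# recent OpenVPN releases deprecate.
from ipaddress import ip_address, ip_network

LINK_POOL = ip_network("10.99.0.0/24")            # assumed pool: one /30 per link
SUBNETS = list(LINK_POOL.subnets(new_prefix=30))
BASE_PORT = 1194

def link_config(link_id, neighbor_ip, lower_end):
    """OpenVPN config for one point-to-point link.

    link_id is agreed network-wide so both ends derive the same port and /30.
    lower_end is True on the end that takes the first host address; the two
    ends of a link must pass opposite values.
    """
    ip_address(neighbor_ip)                        # ValueError on a bad address
    if not 0 <= link_id < len(SUBNETS):
        raise ValueError(f"link_id {link_id} outside pool")
    subnet = SUBNETS[link_id]
    first, second = subnet.hosts()
    local = first if lower_end else second
    return "\n".join([
        f"dev tap{link_id}",
        "proto udp",
        f"remote {neighbor_ip}",
        f"port {BASE_PORT + link_id}",             # one UDP port per link
        f"ifconfig {local} {subnet.netmask}",
        f"secret link{link_id}.key",               # one key per link, not network-wide
        "cipher AES-256-CBC",
        "ping 10",
        "ping-restart 60",
    ]) + "\n"

def olsrd_interfaces(link_ids):
    """olsrd.conf stanza that runs OLSR on the tap devices only."""
    names = " ".join(f'"tap{i}"' for i in link_ids)
    return f"Interface {names}\n{{\n}}\n"

def node_configs(neighbors):
    """neighbors: list of (link_id, underlay_ip, lower_end) -> {filename: text}."""
    files = {f"link{i}.conf": link_config(i, ip, low) for i, ip, low in neighbors}
    files["olsrd.conf.fragment"] = olsrd_interfaces([i for i, _, _ in neighbors])
    return files

if __name__ == "__main__":
    for name, text in node_configs([(0, "192.168.1.2", True),
                                    (3, "192.168.1.3", False)]).items():
        print(f"# {name}\n{text}")
```

Hop-by-hop tunnels authenticate only the directly connected neighbor, so a node holding a valid link key can still originate or relay forged flooded messages, which is the insider case raised in the quoted text.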
