[Olsr-dev] "Secure" Mesh networks
L. Aaron Kaplan
(spam-protected)
Tue Feb 9 10:50:16 CET 2010
(...)
>> My problem with the shared groupkey concept is that it is too easy to evade
>> once you get the key. For routing security we need some kind of lightweight
>> signature for OLSR messages, so each message can prove it was created by the
>> originator. Simply using RSA/ECC is not an option, because it's too slow on
>> embedded platforms.
>>
>
> Yes, of course this solution depends on the shared key, so it must not be available to
> other persons. But you have to judge you threat level here. If your nodes are physically
> secured well enough for the assumed threat level, it should be sufficient.
>
I agree with Roar in this respect. It really depends on what you want.
If you are an ISP and (for some reason which I can not imagine) have to run
a (layer 2) unencrypted Wi-Fi network, then the secure plugin might be
just what you
are looking for.
> That means that I would not use the "secure" plugin as-is in a hostile environment with a
> high possibility that someone may obtain and disassemble one of my "secure" nodes. It is
> not designed for that.
>
ACK
Best,
a.
More information about the Olsr-dev
mailing list