[Olsr-dev] "Secure" Mesh networks

L. Aaron Kaplan (spam-protected)
Tue Feb 9 10:50:16 CET 2010

>> My problem with the shared groupkey concept is that it is too easy to evade 
>> once you get the key. For routing security we need some kind of lightweight 
>> signature for OLSR messages, so each message can prove it was created by the 
>> originator. Simply using RSA/ECC is not an option, because it's too slow on 
>> embedded platforms.
> Yes, of course this solution depends on the shared key, so it must not be available to 
> other persons. But you have to judge you threat level here. If your nodes are physically 
> secured well enough for the assumed threat level, it should be sufficient.

I agree with Roar in this respect. It really depends on what you want.
If you are an ISP and (for some reason which I can not imagine) have to run
a (layer 2) unencrypted Wi-Fi network, then the secure plugin might be
just what you
are looking for.

> That means that I would not use the "secure" plugin as-is in a hostile environment with a 
> high possibility that someone may obtain and disassemble one of my "secure" nodes. It is 
> not designed for that.



More information about the Olsr-dev mailing list