[Olsr-dev] "Secure" Mesh networks
John Barrett
(spam-protected)
Tue Feb 9 17:44:29 CET 2010
Henning Rogge wrote:
> On Tue February 9 2010 08:59:12 John Barrett wrote:
>
>> I'm not looking to add any more encryption than necessary, but I am
>> looking for something more secure than a shared key. WPA already gives
>> us that much, and most likely, if the WPA key is compromised, then the
>> shared key will also be compromised (someone steals a router and reads
>> out the data with a jtag cable for instance). What I'm looking at with
>> certificates and TLS is providing a means of blocking out a single
>> compromised node if needed (by updating the certificate revocation
>> list), with just a little more overhead than the current secure plugin,
>> and that overhead mostly at "startup" when 2 nodes become aware of each
>> other.
>>
> Communication between two OLSR nodes are not point-2-point but "one-to-all"
> flooding communication, so you cannot establish a routing signature by creating
> a session key between each node pair (unless you want to put a signature for
> EACH other node into a OLSR message).
>
> Henning Rogge
>
The P2P portion is only at startup -- when a router first gets an update
burst from a new peer, it adds it to the table as unverified, and starts
the P2P process to verify the node certificate, and get the key
associated with the new node. After verification and key acquisition --
everything proceeds pretty much as the current secure plugin. If the P2P
verification fails, everything from the new peer is ignored (IP traffic,
olsrd updates, etc)
The P2P exchange CAN be carried on the olsrd bursts, but I'm thinking it
will be simpler in code to handle the P2P independent of the burst traffic.
More information about the Olsr-dev
mailing list