[Olsr-dev] "Secure" Mesh networks

John Barrett (spam-protected)
Tue Feb 9 17:44:29 CET 2010

Henning Rogge wrote:
> On Tue February 9 2010 08:59:12 John Barrett wrote:
>> I'm not looking to add any more encryption than necessary, but I am
>> looking for something more secure than a shared key.  WPA already gives
>> us that much, and most likely, if the WPA key is compromised, then the
>> shared key will also be compromised (someone steals a router and reads
>> out the data with a jtag cable for instance). What I'm looking at with
>> certificates and TLS is providing a means of blocking out a single
>> compromised node if needed (by updating the certificate revocation
>> list), with just a little more overhead than the current secure plugin,
>> and that overhead mostly at "startup" when 2 nodes become aware of each
>> other.
> Communication between two OLSR nodes are not point-2-point but "one-to-all" 
> flooding communication, so you cannot establish a routing signature by creating 
> a session key between each node pair (unless you want to put a signature for 
> EACH other node into a OLSR message).
> Henning Rogge
The P2P portion is only at startup -- when a router first gets an update 
burst from a new peer, it adds it to the table as unverified, and starts 
the P2P process to verify the node certificate, and get the key 
associated with the new node. After verification and key acquisition -- 
everything proceeds pretty much as the current secure plugin. If the P2P 
verification fails, everything from the new peer is ignored (IP traffic, 
olsrd updates, etc)

The P2P exchange CAN be carried on the olsrd bursts, but I'm thinking it 
will be simpler in code to handle the P2P independent of the burst traffic.

More information about the Olsr-dev mailing list