[Olsr-dev] "Secure" Mesh networks

Henning Rogge (spam-protected)
Tue Feb 9 19:07:06 CET 2010

Am Dienstag 09 Februar 2010 18:59:01 schrieb John Barrett:
> Henning Rogge wrote:
> > Am Dienstag 09 Februar 2010 17:44:29 schrieb John Barrett:
> >> The P2P portion is only at startup -- when a router first gets an update
> >> burst from a new peer, it adds it to the table as unverified, and starts
> >> the P2P process to verify the node certificate, and get the key
> >> associated with the new node. After verification and key acquisition --
> >> everything proceeds pretty much as the current secure plugin. If the P2P
> >> verification fails, everything from the new peer is ignored (IP traffic,
> >> olsrd updates, etc)
> >>
> >> The P2P exchange CAN be carried on the olsrd bursts, but I'm thinking it
> >> will be simpler in code to handle the P2P independent of the burst
> >> traffic.
> >
> > If I understand this correctly this would mean one "verification" packet
> > for each incoming TC (and one for the answer). This would make anything
> > but very small meshs to explode with traffic, because one TC triggers one
> > verification for each receiving node.
> >
> > Henning Rogge
> huh ?? explode ?? The additional traffic generated is ONLY between
> one-hop nodes, and only happens ONCE when the nodes become visible to
> each other. (my assumption here is that some of the nodes will be mobile
> -- the one I'm installing in my truck certainly is !!)

Ah okay, you are only talking about "one hop" security. That's not enough to 
prevent routing manipulation. The node will just pretend it forwarded the 
message from someone else. You need authentication for OLSR messages, not 
packages. And this travel multiple hops.

Henning Rogge
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-dev/attachments/20100209/c747c2a8/attachment.sig>

More information about the Olsr-dev mailing list