[Olsr-dev] RFC: secure access control for SmartGW tunnels

Teco Boot (spam-protected)
Fri Jan 25 08:11:12 CET 2013


On 23 Jan 2013, at 21:56, Daniel wrote:
>> 
>> I would suggest NOT to invent your own key-exchange protocol. Just use IKE with
>> a long caching time for the keys, so you only have to do it once.
> 
> What's really at stake here are the ~200kb+ of flash needed to store the
> binaries for racoon2 or openswan or ipsec-tools' IKE plus dependencies.
> (strongswan doesn't claim AH transport is working, in terms of size it's about
> the same)
> Using only iproute2 or even hardcoding such a setup and having olsrd do the
> netlink setup could save a lot of space... (Obviously, without key-exchange and
> re-keying, this is also at the cost of security)
> 
> Are you aware of a FOSS IKE implementation which could fit into the ~60kb left
> on a 4MB-flash node? I'd happily use it! (and it should be possible to solve a
> micro-version of IKE in even less binary size)

You could check PolarSSL.

Teco
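
The iproute2-only setup mentioned in the quoted message, as an added example that is not part of the original thread: a shell helper that prints the `ip xfrm` commands for a manually keyed AH transport-mode pair. The function names, addresses and SPIs are constructed, and HMAC-SHA256 with a 128-bit ICV is an assumed algorithm choice.

```shell
#!/bin/sh
# Added example: print (not execute) iproute2 commands for a manually keyed
# AH transport-mode pair. All addresses, SPIs and names are constructed.

# new_key: 32 random bytes as 0x-prefixed hex, for HMAC-SHA256.
new_key() {
    printf '0x%s\n' "$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')"
}

# valid_key KEY: accept only 0x + 64 hex digits (256 bits).
valid_key() {
    case $1 in 0x*) hex=${1#0x} ;; *) return 1 ;; esac
    [ "${#hex}" -eq 64 ] || return 1
    case $hex in *[!0-9a-fA-F]*) return 1 ;; esac
}

# ah_cmds SRC DST SPI KEY DIR: one unidirectional SA and its policy.
ah_cmds() {
    valid_key "$4" || { echo "rejecting key for SPI $3" >&2; return 1; }
    # auth-trunc with 128 selects the RFC 4868 ICV length explicitly.
    echo "ip xfrm state add src $1 dst $2 proto ah spi $3 mode transport auth-trunc 'hmac(sha256)' $4 128"
    echo "ip xfrm policy add src $1 dst $2 dir $5 tmpl src $1 dst $2 proto ah mode transport"
}

# ah_node LOCAL REMOTE SPI_OUT KEY_OUT SPI_IN KEY_IN
# Separate SPI and key per direction; the peer runs it with both pairs swapped.
ah_node() {
    ah_cmds "$1" "$2" "$3" "$4" out || return 1
    ah_cmds "$2" "$1" "$5" "$6" in
}

# Demo with constructed values (192.0.2.0/24 is a documentation range).
ah_node 192.0.2.1 192.0.2.2 0x1001 "$(new_key)" 0x1002 "$(new_key)"
```

The printed lines can be reviewed and then piped to `sh` on each node. With static keys there is no re-keying, which is the security cost the quoted message mentions.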


