[Olsr-dev] RFC: secure access control for SmartGW tunnels
Teco Boot
Fri Jan 25 08:11:12 CET 2013
On 23 Jan 2013, at 21:56, Daniel wrote:
>>
>> I would suggest NOT to invent your own key-exchange protocol. Just use IKE with
>> a long caching time for the keys, so you only have to do it once.
>
> What's really at stake here are the ~200kb+ of flash needed to store the
> binaries for racoon2 or openswan or ipsec-tools' IKE plus dependencies.
> (strongswan doesn't claim AH transport is working, in terms of size it's about
> the same)
> Using only iproute2 or even hardcoding such a setup and having olsrd do the
> netlink setup could save a lot of space... (Obviously, without key-exchange and
> re-keying, this is also at the cost of security)
>
> Are you aware of a FOSS IKE implementation which could fit into the ~60kb left
> on a 4MB-flash node? I'd happily use it! (and it should be possible to solve a
> micro-version of IKE in even less binary size)
You could check PolarSSL.
Teco