[Olsr-users] PKI architecture for freifunk/funkfeier[was Rogue gateways]
Henning Rogge
(spam-protected)
Fri Jan 30 10:56:21 CET 2009
Hello,
as we are talking about security, I would like to share some ideas about a
useful and acceptable PKI architecture for Freifunk/Funkfeuer networks.
Theoretically we could just set up a central PKI (which would make things very
easy), but this would allow the owner/maintainer of the PKI to control the
whole network. This is not acceptable for a community project like Freifunk
and Funkfeuer.
My idea is that each gateway to the internet set up it's own PKI root key. The
owners of the gateways can build something like a web of trust between each
other.
Each user who is starting a new node has to download/choose a gateway as his
primary uplink and will a "chain of trust" for the rest of the gateways.
This way there is no "master PKI" and no special position for the first
gateway of the network. If a network starts misbehaving, the other gateways
can cancel their trust and ask the user not to choose this gateway as the
originator for the chain of trust. But the ultimate responsibility who has the
authority in the network is still in the hand of the user (by choosing his
"master" gateway).
New users generate a local private/public key and have to transmit it to a
gateway running a "register new node" service. This service does not need to
run on all nodes.
What do you think about a structure like this ? Would this be an acceptable
base we can use to build a security framework ?
Henning Rogge
*************************************************
Diplom Informatiker Henning Rogge
Forschungsgesellschaft für
Angewandte Naturwissenschaften e. V. (FGAN)
Neuenahrer Str. 20, 53343 Wachtberg, Germany
Tel.: 0049 (0)228 9435-961
Fax: 0049 (0)228 9435-685
E-Mail: (spam-protected)
Web: www.fgan.de
************************************************
Sitz der Gesellschaft: Bonn
Registergericht: Amtsgericht Bonn VR 2530
Vorstand: Dr. rer. nat. Ralf Dornhaus (Vors.), Prof. Dr. Joachim Ender
(Stellv.)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20090130/23b84bfa/attachment.sig>
More information about the Olsr-users
mailing list