[Olsr-users] PKI architecture for freifunk/funkfeier[was Rogue gateways]

[Henning Rogge]

Am Friday 30 January 2009 11:30:46 schrieb Bernd Petrovitsch:
> On Fri, 2009-01-30 at 10:56 +0100, Henning Rogge wrote:
> [...]
>
> > as we are talking about security, I would like to share some ideas about
> > a useful and acceptable PKI architecture for Freifunk/Funkfeuer networks.
> >
> > Theoretically we could just set up a central PKI (which would make things
> > very easy), but this would allow the owner/maintainer of the PKI to
> > control the whole network. This is not acceptable for a community project
> > like Freifunk and Funkfeuer.
> >
> > My idea is that each gateway to the internet set up it's own PKI root
> > key. The owners of the gateways can build something like a web of trust
> > between each other.
>
> So when a "network" administratively forces a limited set of gateways,
> you have exactly the situation you wanted above to avoid.
No, you can just open your own gateway and begin your own PKI root... and ask 
other gateways to join you.

Of course it may be a good idea if the OLSR warns the user (through the 
webinterface ? through email) if his PKI-web-of-trust only covers a small part 
of the available gateways).

Henning

*************************************************
Diplom Informatiker Henning Rogge
Forschungsgesellschaft für
Angewandte Naturwissenschaften e. V. (FGAN) 
Neuenahrer Str. 20, 53343 Wachtberg, Germany
Tel.: 0049 (0)228 9435-961
Fax: 0049 (0)228 9435-685
E-Mail: (spam-protected)
Web: www.fgan.de
************************************************
Sitz der Gesellschaft: Bonn
Registergericht: Amtsgericht Bonn VR 2530
Vorstand: Dr. rer. nat. Ralf Dornhaus (Vors.), Prof. Dr. Joachim Ender 
(Stellv.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20090130/76d4dd8d/attachment.sig>