[Olsr-users] PKI architecture for freifunk/funkfeier[was Rogue gateways]

ZioPRoTo (Saverio Proto) (spam-protected)
Fri Jan 30 12:06:31 CET 2009


> My idea is that each gateway to the internet set up it's own PKI root key. The
> owners of the gateways can build something like a web of trust between each
> other.
>
> Each user who is starting a new node has to download/choose a gateway as his
> primary uplink and will a "chain of trust" for the rest of the gateways.

Why you want to introduce a hierarchy when it is not needed ?? Why
don't just introduce the web of trust between all the nodes ??

[..CUT..]
>If a network starts misbehaving, the other gateways
> can cancel their trust and ask the user not to choose this gateway as the
> originator for the chain of trust. But the ultimate responsibility who has the
> authority in the network is still in the hand of the user (by choosing his
> "master" gateway).
[..CUT..]

What you mean with "if a network starts misbehaving" ? Because this is
exactly the point !
You deploy a Web Of Trust or PKI/PMI to enforce a security policy.
Now to enforce a security policy you must be able to detect abuse !!
I don't see the big problem in building a good web of trust (see
previous email describing the OLSR web of trust plugin) nor in
extending PGP to support security policies ... I see the big problem
in building a fair reputation system and le the nodes detect
abuses/attacks correctly :)

> What do you think about a structure like this ? Would this be an acceptable
> base we can use to build a security framework ?

I don't know if you read the emails I sent about 15 minutes ago :) I'm
happy to brainstorm with you guys on this topics :)

Saverio




More information about the Olsr-users mailing list