[Olsr-users] Network address associated with fingerprint of the node's public key?
Wojciech Zabolotny
Tue Feb 28 12:31:27 CET 2012
Hi,
I've experimented a little with spontaneously created mesh networks
based on the OLSR protocol. The idea was that the net is totally open, without
any management nodes (so the network should survive as long
as a sufficient number of users is on-line, creating the mesh).
Therefore it was also not possible to provide any DHCP server.
Everyone could connect selecting any free IP belonging to the pool of
the addresses belonging to the network.
Unfortunately, such a simplistic scheme is not immune against IP
conflicts (either occurring due to random selection of IP, or caused by malicious
intruders trying to destroy the network).
The network could be protected, if the IP address could be associated
with the public key of the node (e.g. it could be based on fingerprint
of this key).
In this case the intruder could not spoof the particular node, unless
he has the secret key associated with the public key matching that IP.
When maintaining the network, nodes should check that the node
claiming to have a particular IP really has the key pair matching it
(by sending a challenge encrypted with the public key, and
requesting the response).
Of course it could be difficult to add such a mechanism to the IPv4-based
network (as with less than 2^32 possible IP numbers it could be
possible to generate a key matching any selected IP - even though
it would be time consuming), but in IPv6 it should be doable.
I don't know whether this idea is new, nor whether it is possible to
implement in a reasonable way,
but it seems interesting...
--
WZab
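
The scheme proposed in the message above, as an added Go example that is not part of the original post or of any OLSR implementation. Assumptions: a constructed /64 prefix, Ed25519 keys, the first 64 bits of SHA-256 as the fingerprint, and a signed nonce in place of the encrypted challenge the post mentions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"net/netip"
)

// meshPrefix is a constructed example prefix, not a value from the post.
var meshPrefix = netip.MustParsePrefix("fd00:6d65:7368::/64")

// AddrFromKey keeps the prefix and fills the low 64 bits from SHA-256(pub).
func AddrFromKey(pub ed25519.PublicKey) netip.Addr {
	sum := sha256.Sum256(pub)
	a := meshPrefix.Addr().As16()
	copy(a[8:], sum[:8])
	return netip.AddrFrom16(a)
}

// NewNode generates a key pair and the address bound to its public key.
func NewNode() (ed25519.PublicKey, ed25519.PrivateKey, netip.Addr, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	return pub, priv, AddrFromKey(pub), err
}

// NewChallenge returns a fresh random nonce for the checking node to send.
func NewChallenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	return n, err
}

// Respond (claimant side) signs address||nonce to prove it holds the secret key.
func Respond(priv ed25519.PrivateKey, claimed netip.Addr, nonce []byte) []byte {
	return ed25519.Sign(priv, append(claimed.AsSlice(), nonce...))
}

// Verify (neighbour side): the key must hash to the address and the signature must check.
func Verify(claimed netip.Addr, pub ed25519.PublicKey, nonce, sig []byte) bool {
	return len(pub) == ed25519.PublicKeySize && AddrFromKey(pub) == claimed &&
		ed25519.Verify(pub, append(claimed.AsSlice(), nonce...), sig)
}

func main() {
	pub, priv, addr, _ := NewNode()
	nonce, _ := NewChallenge()
	fmt.Println(addr, Verify(addr, pub, nonce, Respond(priv, addr, nonce)))
}
```

A claim fails here if the presented key does not hash to the claimed address, if the signature was made with a different secret key, or if the response was produced for an earlier nonce.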