[Olsr-users] Network address associated with fingerprint of the node's public key?
Wojciech Zabolotny
(spam-protected)
Thu Mar 1 23:00:33 CET 2012
On Thu, Mar 1, 2012 at 8:01 AM, Henning Rogge
<(spam-protected)> wrote:
>
> I will try to summarize your proposal...
>
> A) every node generates a public/private key pair
> B) every node selects its mesh IP based on the Hash of the public key
> C) when a node wants to send unicast traffic to another node the first time,
> it requests the public key from the target node, then use standard security
> protocols like IPsec/OpenVPN to establish a secure end-2-end channel.
>
Generally yes, however I'd propose additionally, that the messages
used to maintain the mesh network (calculation of the routing tables)
should be also cryptographically protected (using the node's private key -
when broadcasted or using encrypted channels, when sent as unicast messages).
Nodes detected as spoofing ones should be blacklisted, and the information
they provide should not be used by other nodes to update their routing tables.
--
Wojtek
More information about the Olsr-users
mailing list