[Olsr-users] Network address associated with fingerprint of the node's public key?
Henning Rogge
(spam-protected)
Fri Mar 2 08:10:27 CET 2012
On 03/01/2012 11:00 PM, Wojciech Zabolotny wrote:
> On Thu, Mar 1, 2012 at 8:01 AM, Henning Rogge
> <(spam-protected)> wrote:
>>
>> I will try to summarize your proposal...
>>
>> A) every node generates a public/private key pair
>> B) every node selects its mesh IP based on the Hash of the public key
>> C) when a node wants to send unicast traffic to another node the first time,
>> it requests the public key from the target node, then use standard security
>> protocols like IPsec/OpenVPN to establish a secure end-2-end channel.
>>
> Generally yes, however I'd propose additionally, that the messages
> used to maintain the mesh network (calculation of the routing tables)
> should be also cryptographically protected (using the node's private key -
> when broadcasted or using encrypted channels, when sent as unicast messages).
> Nodes detected as spoofing ones should be blacklisted, and the information
> they provide should not be used by other nodes to update their routing tables.
This will increase the size of the routing messages quite a bit (and the
CPU consumtion), because you will have to put a signature on every
generated routing message and check the signature of every incoming
signature.
But if you have enough network and CPU capacity, it might work.
Especially with the IPv6 solution, because the address space should be
large enough to prevent bruteforce attacks.
Henning Rogge
--
Diplom-Informatiker Henning Rogge , Fraunhofer-Institut für
Kommunikation, Informationsverarbeitung und Ergonomie FKIE
Kommunikationssysteme (KOM)
Neuenahrer Straße 20, 53343 Wachtberg, Germany
Telefon +49 228 9435-961, Fax +49 228 9435 685
mailto:(spam-protected) http://www.fkie.fraunhofer.de
GPG: E1C6 0914 490B 3909 D944 F80D 4487 C67C 55EC CFE0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6156 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20120302/2dace1eb/attachment.bin>
More information about the Olsr-users
mailing list