On 04/22/2010 10:42 AM, Juliusz Chroboczek wrote:
>> I am curious if you have considered adding a security extension to any
>> extent in the upcoming releases?
>
> No.  What do you have in mind?
>
>                                          Juliusz

I saw you had left room for it, throughout the protocol specification. A problem with all the mesh routing protocols available to date is the total lack of security in them.

The only halfway decent IPv6 capable AND secure protocols are BGP and OSPFv3, and secure OSPF under IPv6 requires (shudder) IPsec in order to work. (Actually, somebody got OSPF and IPv6 and IPsec to work recently - http://blog.linux.gen.nz/2010/04/using-ipsec-to-authenticate-ipv6-ospf-under-linux/ )

Given that mesh networks are almost by definition highly insecure, a random attacker can seriously disrupt the network via a variety of means. It would be nice to reduce the attack vectors somewhat.

Possibly the security extensions like "autokey" in ntp4 - see

http://support.ntp.org/bin/view/Support/ConfiguringAutokey

for an incredibly complex, overly dense discussion, with - as always seems to be the case with security systems - too many different options for deployment.

(I kind of like the idea of multicast, or at least, secure, NTP, but I digress)

and the interesting design of the latest multicast uftp code - see http://www.tcnj.edu/~bush/uftp.html - might be a set of ideas to start from.

At the moment I'm actually experimenting with *all* this stuff, together, on an OpenWrt + NanoStation M5 based prototype mesh network. The M5s are nice - 8MB of flash, 32MB of RAM, with a 400MHz CPU, running on the 5.8GHz radio band. They run just about everything I've thrown at them so far... 300Mbit 802.11n currently works in AP/STA mode and I have hope that the drivers will come along for ad-hoc, soon (currently limited to 802.11a). (If anyone has M5s and would like my current build of OpenWrt, let me know offlist)

There are certainly other problems, like secure neighbor discovery (RFC 3971) was only implemented once, in Perl of all things...

... but you gotta tackle things one piece at a time.


_______________________________________________
Babel-users mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/babel-users
