Hi Mathieu,

> I was looking at RFC7298 about HMAC authentication in babeld and was
> wondering whether it would be usable on an open mesh network, such as the
> Montreal mesh network (reseaulibre.ca), where people basically put
> antennas on their roofs and join the mesh, but we would like some way to
> authenticate routes in order to avoid attacks on the network.

RFC 7298 performs hop-to-hop authentication of packets, not end-to-end
authentication of routes. The former is relatively doable, and very useful
for closed networks; the latter is more widely applicable, but very
difficult to do right (search for "SBGP").

> * how would the shared secret work on a distributed mesh? Having a unique
> key for all would be too risky (it would not stay secret long, and
> changing it would be hard), but we could imagine having something like
> a key per city district/borough (arrondissement), or filtering on
> super-nodes (backbones) to limit scope of attacks.

Either that, or work with Denis to implement asymmetric keying.

> * how does the optional aspect of the authentication work? Could network
> participants decide, on a per-relay basis, which routes/keys to trust?

That's the main problem -- keys authenticate packets, not routes. Some weak
form of route authentication could be achieved by filtering depending on
authentication results, but I'm pretty sure Denis hasn't implemented that.

> * it seems implemented in Quagga. Any blockers to having it in the main
> babeld package?

No particular issues, and I'd be glad to consider a patch that does that.
Please make sure you make it compile-time optional, and that you integrate
cleanly with the existing configuration parser.

-- Juliusz

_______________________________________________
Babel-users mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/babel-users
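The distinction Juliusz draws above (a packet MAC proves which key holder sent the packet over the last hop, not that the route inside it is legitimate) and the "filter depending on authentication results" idea can be shown in a few lines. The following is an added illustration, not babeld code and not the RFC 7298 wire format: the packet layout (key id, counter, route body, HMAC-SHA256 tag), the per-borough keys, the prefixes, and the `Receiver` policy are all constructed for the example.

```python
"""Hop-to-hop HMAC check plus a weak per-key route filter (added example).

Packet layout is a constructed simplification, NOT the RFC 7298 format:
  key_id (2 bytes) | seqno (4 bytes) | route body (UTF-8 prefix) | HMAC-SHA256 (32 bytes)
"""
import hashlib
import hmac
import struct

HDR = struct.Struct("!HI")  # key_id, per-key monotonically increasing counter
TAG_LEN = 32


def build_packet(key_id, key, seqno, route_body):
    """Sender side: the MAC covers header and body, and the tag is appended."""
    header = HDR.pack(key_id, seqno)
    tag = hmac.new(key, header + route_body, hashlib.sha256).digest()
    return header + route_body + tag


class Receiver:
    def __init__(self, keys, allowed_prefixes):
        self.keys = dict(keys)                       # key_id -> shared secret
        self.allowed = {k: set(v) for k, v in allowed_prefixes.items()}
        self.last_seqno = {}                         # key_id -> highest counter seen

    def verify_packet(self, pkt):
        """Hop-to-hop check only: returns (key_id, body) or raises ValueError.

        Passing this check means "sent by someone holding key_id", nothing more.
        """
        if len(pkt) < HDR.size + TAG_LEN:
            raise ValueError("truncated")
        header, body, tag = pkt[:HDR.size], pkt[HDR.size:-TAG_LEN], pkt[-TAG_LEN:]
        key_id, seqno = HDR.unpack(header)
        key = self.keys.get(key_id)
        if key is None:
            raise ValueError("unknown key id")
        expected = hmac.new(key, header + body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            raise ValueError("bad MAC")
        if seqno <= self.last_seqno.get(key_id, -1):
            raise ValueError("replayed or stale counter")
        self.last_seqno[key_id] = seqno
        return key_id, body

    def accept_route(self, pkt):
        """Weak route filtering layered on the packet check: the announced
        prefix is accepted only if policy allows that key to announce it."""
        key_id, body = self.verify_packet(pkt)
        prefix = body.decode()
        return prefix in self.allowed.get(key_id, ())


def demo():
    # Constructed secrets and a per-borough prefix policy (hypothetical values).
    keys = {1: b"borough-A-key", 2: b"borough-B-key"}
    policy = {1: ["10.42.1.0/24"], 2: ["10.42.2.0/24"]}
    rx = Receiver(keys, policy)

    ok = build_packet(1, keys[1], 1, b"10.42.1.0/24")
    foreign = build_packet(1, keys[1], 2, b"10.42.2.0/24")   # valid MAC, prefix not allowed for key 1
    forged = build_packet(1, b"wrong-key", 3, b"10.42.1.0/24")

    results = {}
    results["valid"] = rx.accept_route(ok)          # True
    results["foreign"] = rx.accept_route(foreign)   # False: MAC fine, policy rejects
    try:
        rx.accept_route(forged)
        results["forged"] = "accepted"
    except ValueError as e:
        results["forged"] = str(e)                  # "bad MAC"
    try:
        rx.accept_route(ok)                         # same packet again
        results["replay"] = "accepted"
    except ValueError as e:
        results["replay"] = str(e)                  # "replayed or stale counter"
    return results


if __name__ == "__main__":
    print(demo())
```

The `foreign` case is the point of the thread: the packet is perfectly authentic at the hop level, and only the separate, policy-driven prefix filter stops the route from being installed. That filter is exactly the "weak form of route authentication" Juliusz mentions, and it depends on an out-of-band agreement about which key may announce which prefixes.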

