On Thursday, 10. April 2008 10:23:58 Vinay Menon wrote:
> The problem I see here is the possibility of unwanted batman nodes joining in and announcing wrong/false gateway. Since adhoc will only support WEP and imo it's not viable having batman run only over VPN, I think a symmetric key arrangement wherein all nodes have the same password to join in routing would be a great addition. This basically is the concept of olsr secure plugin.
But announcing a wrong/false gateway won't help - that is why we have a blackhole detection or the preferred gateway option. You can choose your gateway.
IMHO the olsr secure plugin idea has a good intention but the concept is broken. There are several aspects:
- As long as only a single instance (one admin) knows the key everything is fine. But every node joining the mesh will need that key. Either the admin has a _lot_ of free time or you have to hand out the key. In the latter case check eBay from time to time to find out about the value of your key. ;-)
- Furthermore, batman is used for _community_ meshing. Everybody should be able to join quickly ...
- You give your users a FALSE impression of security: "We have the secure plugin enabled - we are secure!". Still everybody can sniff the data, man in the middle, etc.
- Encryption on an embedded device like a router is a performance killer if the encryption is not done in the hardware itself.
- Most important: Nothing is better than end to end encryption / authentication / authorization.
Greetings,
Marek