-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Marek Lindner schrieb:
Hi,
Batman has a tunnel with gateway but is it possible to secure it? In first step only clients with proper credentials can start tunnel and in second step tunnel is crypted.
I agree that this would be a good idea. Using the batman tunnels would be much easier to set up than IPSec as everything is integrated. Besides that a lightweight encryption could be implemented which even runs on weaker machines.
What is lightweight encryption? Does lightweight means insecure? Is it easier, because you are not familiar with IPSEC?
building unsecure crypto ist worse then having no crypto, it would be a "sicherheitsimulation". building strong crypto is not easy, so many failed to develop and implement it with more and better cryptospecialists the the batman team has.
That feature is planned and a concept already exists. Nevertheless, the batman developer team has a divided opinion about this idea. Some of us (inlucing me) think that it a good opportunity to help spreading internet gateways throughout a city wide mesh. The others fear that this could be the beginning of the end of free mesh networks if we implement such control mechanisms. What do you think ? Why do you want this feature ?
Some batman developer once told me, that implementing/supporting service discovery inside batman is a bad idea, as they want to have batman as slim as possible. how does integrating cryptotunnels in a routingprotocol does get conform to that?
Btw: Does your vis server compile now ?
Regards, Marek
Greets, Alex