From: Marek Lindner <lindner_marek@yahoo.de>
To: The list for a Better Approach To Mobile Ad-hoc Networking
<b.a.t.m.a.n@open-mesh.net>
Subject: Re: [B.A.T.M.A.N.] securing batman gateway
Date: Thu, 28 Jun 2007 15:46:03 +0200 [thread overview]
Message-ID: <200706281546.03324.lindner_marek@yahoo.de> (raw)
In-Reply-To: <46839CDF.30106@dd19.de>
Hi,
> What is lightweight encryption? Does lightweight means insecure?
No. I don't know how much you know about encryption technologies but let me
tell you that there is technologly which works better on embedded devices
than other technologly. Simply because it was optimized for that purpose.
Using a CPU intense encryption does not make the communication more or less
insecure. The key is the overall security concept.
Since the focus of batman are embedded devices it seems obvious that we should
choose that direction.
> Is it easier, because you are not familiar with IPSEC?
You misunderstand. It is not a question of you and me. There are people in
this world who would like to use batman / mesh technology without being an IT
expert. That applies to most of our users ...
> building unsecure crypto ist worse then having no crypto, it would be a
> "sicherheitsimulation". building strong crypto is not easy, so many
> failed to develop and implement it with more and better
> cryptospecialists the the batman team has.
I totally agree. I never proposed to reinvent the wheel by building our own
encryption technology. I'm well aware of the many issues which arise once you
choose that path.
> Some batman developer once told me, that implementing/supporting service
> discovery inside batman is a bad idea, as they want to have batman as
> slim as possible. how does integrating cryptotunnels in a routingprotocol
> does get conform to that?
I don't see the connection between your example and the current context.
Batman already builds that tunnel. Why should we not extend that existing
feature ? Sure, you could create another tunnel in the tunnel.
The question is whether we give the ordinary user a tool at hand which enables
him to control the access of his internet gateway. What do you think ?
Regards,
Marek
prev parent reply other threads:[~2007-06-28 13:46 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-06-26 15:23 [B.A.T.M.A.N.] securing batman gateway Stefano Scipioni
2007-06-26 22:31 ` Alexander Morlang
2007-06-27 10:08 ` Marek Lindner
2007-06-28 11:34 ` Alexander Morlang
2007-06-28 13:46 ` Marek Lindner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200706281546.03324.lindner_marek@yahoo.de \
--to=lindner_marek@yahoo.de \
--cc=b.a.t.m.a.n@open-mesh.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox