public inbox for b.a.t.m.a.n@lists.open-mesh.org
From: Marek Lindner <lindner_marek@yahoo.de>
To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@open-mesh.net>
Subject: Re: [B.A.T.M.A.N.] AHdemo mode
Date: Thu, 10 Apr 2008 12:22:16 +0800
Message-ID: <200804101222.16445.lindner_marek@yahoo.de>
In-Reply-To: <E3C3B297-FD0F-4708-AA7D-AEA1F979EA70@gmail.com>

On Thursday, 10. April 2008 10:23:58 Vinay Menon wrote:
> The problem I see here is the possibility of unwanted batman nodes
> joining in and announcing wrong/false gateway. Since adhoc will only
> support WEP and imo it's not viable having batman run only over VPN, I
> think a symmetric key arrangement wherein all nodes have the same
> password to join in routing would be a great addition. This basically
> is the concept of olsr secure plugin.

But announcing a wrong/false gateway won't help - that is why we have a
blackhole detection or the preferred gateway option. You can choose your
gateway.

IMHO the olsr secure plugin idea has a good intention but the concept is 
broken. There are several aspects:
- As long as only a single instance (one admin) knows the key everything is 
fine. But every node joining the mesh will need that key. Either the admin 
has a _lot_ of free time or you have to hand out the key. In the latter case
check eBay from time to time to find out about the value of your key.  ;-)
- Furthermore, batman is used for _community_ meshing. Everybody should be 
able to join quickly ...
- You give your users a FALSE impression of security: "We have the secure 
plugin enabled - we are secure!". Still everybody can sniff the data, man in
the middle, etc.
- Encryption on an embedded device like a router is a performance killer if 
the encryption is not done in the hardware itself.
- Most important: Nothing is better than end to end encryption / 
authentication / authorization.

Greetings,
Marek
