[Babel-users] Babel and HMAC authentication

Mathieu Lutfy mathieu at bidon.ca
Thu Nov 13 19:25:57 UTC 2014


Hi,

I was looking at RFC 7298 about HMAC authentication in babeld and was wondering whether it would be usable on an open mesh network, such as the Montreal mesh network (reseaulibre.ca), where people basically put antennas on their roofs and join the mesh, but we would like some way to authenticate routes in order to avoid attacks on the network. In other words, we want to operate in a decentralized and open way, but we need some way to mitigate attacks (announcing false routes).

* how would the shared secret work on a distributed mesh? Having a unique key for all would be too risky (it would not stay secret long, and changing it would be hard), but we could imagine having something like a key per city district/borough (arrondissement), or filtering on super-nodes (backbones) to limit the scope of attacks.

* how does the optional aspect of the authentication work? Could network participants decide, on a per-relay basis, which routes/keys to trust?

* it seems to be implemented in Quagga. Any blockers to having it in the main babeld package? (we use OpenWRT, but worst case we could apply a patch and include it in our Commotion-based firmware)

Thanks,
Mathieu (bgm on IRC #babel #reseaulibre)


