[Freedombox-discuss] Which mesh system should be included in the Freedombox?
anders.jackson at gmail.com
Sat Oct 12 13:56:38 UTC 2013
Den 12 okt 2013 11:54 skrev "Paul Gardner-Stephen" <paul at servalproject.org>:
> Hello all,
> On Sat, Oct 12, 2013 at 6:06 PM, Petter Reinholdtsen <pere at hungry.com>
>> [Sandy Harris]
>> > As I see it, security has to be the first consideration for any Box
>> > component, including a mesh system. Given the stated project goals we
>> > should not even consider anything unless we have good reason to
>> > consider it secure.
>> I've concluded I will focus on batman-adv for now, as it provide layer 2
>> mesh networking (as in both IPv4 and IPv6 will work) and is used by the
>> Serval project that provide a peer-to-peer phone system that allow phone
>> calls and "SMS" messaging without central infrastucture. If the
>> freedombox provide mesh nodes compatible with the Serval project, we get
>> free software phone support for free. :)
> So some clarification here:
> Serval used to use the original layer-3 batman, and can still coexist
with batman, batman-adv, babel, olsrd etc. But Serval now includes its own
mesh routing protocol, for many of the reasons that are stimulating
> Some of those reasons include the difficulty of making a secure fully
distributed network, especially a mesh network. Indeed, this was a major
reason for us side-stepping IP, and creating our own mesh-oriented network
> We started from the ground-up by using public cryptography keys as
network addresses. This means that we promiscuously share and exchange
public keys on the network as part of its inherent operation. It also
means that end-to-end encryption is trivial, requires no key exchange,
centralised authority or other complication. Indeed, encryption is so
simple in the Serval network layer that we enable it by default: you need
to set flags on a packet if you don't want it signed and encrypted.
> Careful choice of crypto system means that it is still fast, and doesn't
need huge keys. We also added an address abbreviation scheme that means
that we typically have smaller network headers than IPv4, let alone IPv6.
> That leaves only key verification to ensure private
man-in-the-middle-free communications with any party on the network -- a
problem that the open-source community has largely solved with web of trust.
> This security platform was recently recognised at the Global Security
Challenge grand-final in London where we received an Honourable Mention,
coming a close second in the entire competition -- against entrants from
the USA, UK, Israel and other major players in the security space.
> We do not rest on our laurels, nor do we take the praise of men as
meaning that we have a perfect or vulnerability-free system. But we do
believe that we have created something that has great potential in the
open-source world, and especially for projects like Freedom Box where
private correspondence (text, voice and data) on a fully-distributed
self-organising network is a major objective.
> As mentioned, because all Serval services operate in parallel to IP, this
means you can mix and match Serval service with your favourite traditional
mesh routing protocols should you wish to use them.
> It also means that we can use interesting radio platforms that are too
slow to be useful on IP, e.g., ~100kbit/sec ISM band radios that have
ranges 10x to 100x that of Wi-Fi. We already have a working example of
this in our Serval Mesh Extender hardware device, which also shares many
common objectives with the Freedom Box.
> We think that we have some interesting technologies that are of use to
this community, and of course since we develop them as free and open-source
software, we encourage this community to take whatever they find useful,
and perhaps even open a conversation for us to work out what activities and
efforts are in the intersection of our needs and objectives, and apply some
combined energy that will accelerate our mutual progress towards our goals.
What my understanding is that if it get packed in Debian we could use it.
And with your presentation above, it looks very promising, indeed.
So the question is how to get packed into Debian.
Personally I think that IPv6 support are important, if not for anything
else than Internet of Things (IoT), where security is very important.
And as I understand your presentation Serval support both IPv4 and IPv6?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freedombox-discuss