Comments on draft-ietf-manet-olsr-11



Optimized Link State Routing Protocol (Experimental)
<draft-ietf-manet-olsr-11.txt>

In section 20.1, I asked the authors to provide a reference to at least one "regular cryptographic technique" for confidentiality. The authors included a reference to PGP. PGP is traditionally used at the application layer. I expected a reference to IPsec ESP, which does include support for multicast traffic. If PGP is a better fit in this situation, it deserves explanation.

In section 20.2, I asked for an explanation of "Authenticated signatures on control messages," which resulted in the following text:

An important consideration is, that all control messages in OLSR are
transmitted either to all nodes in the neighborhood (HELLO messages)
or broadcast to all nodes in the network (e.g. TC messages). I.e.
a control message in OLSR is always a point-to-multipoint
transmission. It is therefore important that the authentication
mechanism employed permits that any receiving node can validate the
authenticity of a message. As an analogy, given a block of text,
signed by a PGP private key, then anyone with the corresponding
public key can verify the authenticiy of the text.

Please correct the spelling of authenticity.

Again, PGP does not seem like the correct mechanism. Further, a message authentication code is acceptable if the source needs to be limited to the collection of nodes that know the key. IPsec ESP provides this service in a multicast environment. If the node must know the precise source of each control message, then a digital signature is probably going to be needed. The work on SBGP may offer a way forward in this area.
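
The distinction drawn in the last paragraph, as an added example that is not part of the original message or of the draft: a MAC under a shared group key accepts a control message from any key holder, while a digital signature ties it to one originator. HMAC-SHA256, Ed25519, the message layout and all key and node names are assumptions chosen for illustration, not the OLSR wire format or any mechanism the draft specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ControlMsg is a constructed stand-in for a control message, not the draft's wire format.
type ControlMsg struct {
	Originator, Body string // Originator is the claimed source node
	Seq              uint16
}
func (m ControlMsg) bytes() []byte {
	return []byte(fmt.Sprintf("%q|%d|%q", m.Originator, m.Seq, m.Body))
}

// GroupTag is an HMAC-SHA256 under a key shared by every node in the group.
func GroupTag(groupKey []byte, m ControlMsg) []byte {
	h := hmac.New(sha256.New, groupKey)
	h.Write(m.bytes())
	return h.Sum(nil)
}
// GroupVerify shows only that the sender holds the group key, not which node it is.
func GroupVerify(groupKey []byte, m ControlMsg, tag []byte) bool {
	return hmac.Equal(GroupTag(groupKey, m), tag)
}

// SourceVerify checks the signature against the public key registered for m.Originator.
func SourceVerify(keys map[string]ed25519.PublicKey, m ControlMsg, sig []byte) bool {
	pub, ok := keys[m.Originator]
	return ok && ed25519.Verify(pub, m.bytes(), sig)
}

// Demo: group member B sends a message that names node A as its originator.
func Demo() (macFromB, macOutsider, sigFromA, sigFromB bool) {
	groupKey, otherKey := []byte("constructed group key"), []byte("constructed non-member key")
	pubA, privA, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, privB, _ := ed25519.GenerateKey(nil)
	keys := map[string]ed25519.PublicKey{"A": pubA}
	msg := ControlMsg{Originator: "A", Seq: 7, Body: "constructed TC payload"}
	macFromB = GroupVerify(groupKey, msg, GroupTag(groupKey, msg)) // B holds the group key
	macOutsider = GroupVerify(groupKey, msg, GroupTag(otherKey, msg))
	sigFromA = SourceVerify(keys, msg, ed25519.Sign(privA, msg.bytes()))
	sigFromB = SourceVerify(keys, msg, ed25519.Sign(privB, msg.bytes()))
	return
}
func main() { fmt.Println(Demo()) }
```

The group MAC keeps non-members out but cannot tell A's message from B's, which is the case where the message calls for a digital signature.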