IMHO it is legit to use encryption even in a free network. Not all links must be available for new connectios but the net (as a whole) must be. So there might be zones or links of a free network implementing p2p links or link layer encryption.

However under my point of view, as Ilario says the security should relay on the user layer and not on the link layer. It will be, for sure, more secure to implement VPN security than a shared WPA encryption key.

In any case WPA2 preshared key exist for ADHOC but as fas as I know it is not yet considered stable.

In the other side, would be nice to test 802.11s as a link layer and its native encryption with libremesh. Please let us know if you try it.

Last but not least, bmx7 implements security mechanisms for signing packets but not yet p2p encryption for the uset data. As far as I know it will be implemented soon using IPsec.

Cheers.

On 20 de gener de 2017 14:21:27 GMT-03:00, Ilario <iochesonome@gmail.com> wrote:
2017-01-20 17:01 GMT+01:00 bruno vianna <bruno@pobox.com>:
 are the lime ad-hoc connections encrypted?

I think that ad-hoc doesn't support encryption (but seems that 802.11s
does [1]).
In my opinion doing encryption at this level is a trouble, because if
the encryption key is not public => the network is not open to
participation (LibreMesh is made for "libre" networks); otherwise if
the key is public => the security is gone.
So the encryption has to be managed at an application layer (VPN, HTTPS...).
I suppose that BMX6 supports some encryption... Dunno really...

A closed-network profile for LibreMesh could be developed, it would
need the lime-proto-client package (partially implemented [2]) and
lime-proto-wpa. The mesh connections would be AP-Station (or 802.11s)
instead of adhoc.

The question from Koen was exactly if WPA was already automagic in
LibreMesh: not yet, an idea which will be proposed for GSoC is about
this.

@Koen: if adding encryption just to the AP interface is enough, should
be easy to manually modify the /etc/config/wireless file generated by
lime-config adding WPA encryption to AP interface.

[1] https://en.wikipedia.org/wiki/IEEE_802.11s#Peer_authentication_methods
[2] https://github.com/libremesh/lime-packages/issues/47

lime-users mailing list
lime-users@lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-users

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.