TrustedNodes option in TINC
Mathieu GIANNECCHINI
mathieu.giannecchini at auf.org
Fri Apr 8 14:37:30 CEST 2005
>Mixing trusted and untrusted nodes in one VPN has all
>sorts of consequences and is hard to implement right, so it hasn't been
>done yet.
>
>
Can you explain that or give us an example? We're not sure we understand
where the problem is.
>>In net_packet.c and protocol_key.c we see :
>> send_req_key(n->nexthop->connection, myself, n);
>>
>>The question is: how to be sure that "n->nexthop->connection" will be a
>>"trusted connection"? (c->name in TrustedNode). One of our questions is:
>>if we cancel any ADD_* from an untrusted node, can nexthop be an untrusted
>>node?...
>>
>>
>The nexthops are always trusted.
>
>
Our question was about an option "trustedNodes". For us the meaning of
"trusted" is a node which is in a fixed list of trusted nodes.
>But anyway, a "nexthop" is always a node with whom we have a TCP connection,
>and tinc only makes TCP connections with other tinc daemons for which it
>knows the public key.
>
It's not possible to add a constraint "the nexthop has to be in the
TrustedNodes list"
For the next full moon if you want, and I have some chickens in the
fridge too ;)
Thanks
--
Mat