[Cu-wireless] Ideas about a bootp server

David Young dyoung at pobox.com
Thu Mar 20 19:11:18 CST 2003


Ralph,

These days, DHCP is usually used in place of BOOTP. DHCP is actually
an extension to BOOTP. DHCP messages commonly carry an IP assignment,
a gateway address, and a nameserver address.  The messages can carry
essentially any boot parameter, however, be it an encryption key, a boot
image filename and server, etc.

I offer this thought about setting up a VPN: put a public key into your
router whose private counterpart is only held by the operator of the VPN
server. Program the router so that when it wants to open a secure tunnel,
it produces a session key, it encrypts the session key with the public
key, and it sends the encrypted key to the VPN server. The VPN server
answers with a session key encrypted with its private key. Now both
hosts have all that they need to start tunneling. SSH already does this.
I believe you can safely put the same public key into every router on
the network.

A router *does* need to know its IP address to participate in routing.

Dave

On Thu, Mar 20, 2003 at 05:10:37PM -0600, Ralph Johnson wrote:
> Mdhur Nigam and I have been thinking about how to give a router a private
> key so that it could set up a VPN to a distant site.  Our current solution
> is to have one or more of the machines in the house running a bootp server,
> and for the router to ask it for its "boot" and to get the private key in
> return.  This is not a perfect solution.  The biggest problem is that
> someone can break into your house, stick a machine with a bootp client on it
> on your network, and steal your private key.  But otherwise it is pretty
> good.  In general, the only time the router will need a private key is if
> one of the machines in your house is working.  It won't need a key if all it
> is going to do is to pass the message on.  So, if you turn off your bootp
> server and go on vacation and a power surge resets your router, it won't
> harm anything.
> 
> I am wondering what else could be handled this way.  Could we provide an IP
> address with a bootp server?  The radio channel to use?  My current thought
> is that IP address is OK, but radio channel is not, because a router always
> needs to know its radio channel, but not its IP address unless traffic is
> directed to it.  Or will other routers need to know its IP address to route
> traffic through it?
> 
> -Ralph Johnson
> 
> _______________________________________________
> Cu-wireless mailing list
> Cu-wireless at lists.groogroo.com
> http://lists.cu.groogroo.com/cgi-bin/listinfo/cu-wireless
> Project Page: http://cuwireless.ucimc.org

-- 
David Young             OJC Technologies
dyoung at ojctech.com      Urbana, IL * (217) 278-3933
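The first paragraph of Dave's reply says DHCP messages can carry essentially any boot parameter. As an added illustration (not code from the list or its authors), the Go program below parses the options area of a DHCP message the way a client on the router would: it walks the RFC 2132 type/length/value list after the magic cookie and pulls out the IP assignment, gateway, nameservers and a boot server/image name. The message bytes are constructed for the example, and the parser refuses options whose declared length runs past the buffer or a message with no END option, which is the check a practitioner wants before trusting anything a DHCP/BOOTP server hands a router.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
)

// Option codes from RFC 2132 used in this example.
const (
	optPad         byte = 0
	optSubnetMask  byte = 1
	optRouter      byte = 3
	optDNS         byte = 6
	optMessageType byte = 53
	optTFTPServer  byte = 66
	optBootFile    byte = 67
	optEnd         byte = 255
)

// magicCookie opens the options area of every DHCP message.
var magicCookie = []byte{0x63, 0x82, 0x53, 0x63}

// ParseOptions walks the options area (the bytes after the fixed 236-byte
// BOOTP header) and returns each option's raw value keyed by code. It
// rejects an option whose declared length runs past the buffer instead of
// reading beyond it, and requires the END option so a truncated message is
// not silently accepted.
func ParseOptions(b []byte) (map[byte][]byte, error) {
	if len(b) < len(magicCookie) || !bytes.Equal(b[:4], magicCookie) {
		return nil, errors.New("options area does not start with the DHCP magic cookie")
	}
	opts := make(map[byte][]byte)
	i := len(magicCookie)
	for i < len(b) {
		code := b[i]
		switch code {
		case optPad:
			i++
			continue
		case optEnd:
			return opts, nil
		}
		if i+1 >= len(b) {
			return nil, fmt.Errorf("option %d: missing length byte", code)
		}
		l := int(b[i+1])
		if i+2+l > len(b) {
			return nil, fmt.Errorf("option %d: length %d runs past end of message", code, l)
		}
		opts[code] = append([]byte(nil), b[i+2:i+2+l]...)
		i += 2 + l
	}
	return nil, errors.New("options area not terminated by END (255)")
}

// IPList decodes an option carrying one or more IPv4 addresses (subnet
// mask, router, DNS server).
func IPList(v []byte) ([]net.IP, error) {
	if len(v) == 0 || len(v)%4 != 0 {
		return nil, fmt.Errorf("address list length %d is not a multiple of 4", len(v))
	}
	ips := make([]net.IP, 0, len(v)/4)
	for i := 0; i < len(v); i += 4 {
		ips = append(ips, net.IPv4(v[i], v[i+1], v[i+2], v[i+3]))
	}
	return ips, nil
}

// sampleOptions is a constructed DHCPACK options area: subnet mask, gateway,
// two nameservers, plus a boot server and boot image name (RFC 2132 options
// 66 and 67), the kind of "boot parameter" the mail refers to.
var sampleOptions = []byte{
	0x63, 0x82, 0x53, 0x63,
	53, 1, 5, // DHCP message type: DHCPACK
	1, 4, 255, 255, 255, 0, // subnet mask
	3, 4, 10, 0, 0, 1, // router
	6, 8, 10, 0, 0, 2, 10, 0, 0, 3, // two nameservers
	66, 8, '1', '0', '.', '0', '.', '0', '.', '4', // TFTP server name
	67, 10, 'r', 'o', 'u', 't', 'e', 'r', '.', 'i', 'm', 'g', // boot file
	0,   // pad
	255, // end
}

func main() {
	opts, err := ParseOptions(sampleOptions)
	if err != nil {
		panic(err)
	}
	gw, _ := IPList(opts[optRouter])
	dns, _ := IPList(opts[optDNS])
	fmt.Printf("type=%d gateway=%v dns=%v boot=%s from %s\n",
		opts[optMessageType][0], gw, dns, opts[optBootFile], opts[optTFTPServer])
}
```

Ralph's worry that anyone who can plug a BOOTP client into the house network can ask for the "boot" applies equally to a DHCP server: options are delivered in the clear to whichever client asks, so the parser above validates structure, not the trustworthiness of the sender.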
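Dave's VPN suggestion (public key in every router, private key only at the VPN server, router picks a session key and encrypts it to the public key, server answers with a private-key operation over it) is sketched as a worked example below. This is added code, not anything from the list or from the project; the key sizes, the OAEP label and the choice to realise "encrypted with its private key" as an RSA-PSS signature over the session key are assumptions made here, since a signature is how a modern implementation proves possession of the private key while letting the router verify with the public key it already holds.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the ciphertext to this use; both sides must use the same value.
var oaepLabel = []byte("cu-wireless-tunnel-setup")

// Router holds only the VPN server's public key (the same key can be
// programmed into every router, as the mail suggests).
type Router struct{ serverPub *rsa.PublicKey }

// VPNServer is the only party holding the private key.
type VPNServer struct{ priv *rsa.PrivateKey }

// NewPair generates a server key pair and a router provisioned with the
// public half. Constructed for the example; a deployment would load the key
// from storage.
func NewPair() (*Router, *VPNServer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	return &Router{serverPub: &priv.PublicKey}, &VPNServer{priv: priv}, nil
}

// OpenTunnel is step 1: the router picks a fresh session key and encrypts it
// to the server's public key with RSA-OAEP. Only the private-key holder can
// recover it.
func (r *Router) OpenTunnel() (sessionKey, request []byte, err error) {
	sessionKey = make([]byte, 32)
	if _, err = rand.Read(sessionKey); err != nil {
		return nil, nil, err
	}
	request, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, r.serverPub, sessionKey, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, request, nil
}

// Answer is step 2: the server recovers the session key and replies with a
// private-key operation over it. The mail calls this "encrypted with its
// private key"; here it is an RSA-PSS signature (an assumption of this
// example) so the router can check it with the public key it holds.
func (s *VPNServer) Answer(request []byte) (sessionKey, reply []byte, err error) {
	sessionKey, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, request, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	digest := sha256.Sum256(sessionKey)
	reply, err = rsa.SignPSS(rand.Reader, s.priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, nil, err
	}
	return sessionKey, reply, nil
}

// Confirm is step 3: the router checks that the reply came from the private
// key matching its stored public key, i.e. that the real VPN server received
// the session key. A reply from anyone else fails here.
func (r *Router) Confirm(sessionKey, reply []byte) error {
	digest := sha256.Sum256(sessionKey)
	if err := rsa.VerifyPSS(r.serverPub, crypto.SHA256, digest[:], reply, nil); err != nil {
		return errors.New("reply was not produced by the VPN server's private key")
	}
	return nil
}

// RunExchange drives the three steps and reports whether both ends now hold
// the same session key and can start tunneling.
func RunExchange(r *Router, s *VPNServer) (bool, error) {
	routerKey, request, err := r.OpenTunnel()
	if err != nil {
		return false, err
	}
	serverKey, reply, err := s.Answer(request)
	if err != nil {
		return false, err
	}
	if err := r.Confirm(routerKey, reply); err != nil {
		return false, err
	}
	return bytes.Equal(routerKey, serverKey), nil
}

func main() {
	router, server, err := NewPair()
	if err != nil {
		panic(err)
	}
	ok, err := RunExchange(router, server)
	fmt.Println("tunnel keys match:", ok, "err:", err)
}
```

Two properties of the exchange are worth seeing in the code: a server without the right private key cannot recover the session key at all (DecryptOAEP fails), and the router rejects any reply not produced by that private key. What the exchange does not do is identify the router to the server, since every router carries the same public key and nothing router-specific goes into the request; that is consistent with Dave's remark that the one public key can safely be shared, and it is the part Ralph's private-key-per-router idea was trying to cover.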