[OpenWireless Tech] Securing Open Wireless

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Thu Jul 28 09:28:03 PDT 2011


Hi!

On 11:03 Thu 28 Jul     , Christopher Byrd wrote:
...
> - EAP-TLS without client authentication provides a secure wireless
> connection without client authentication similar to how HTTPS works
> for web sites.
> 
> - Server certificate validation is possible. These changes would
> benefit both this solution and existing closed (enterprise) EAP-TLS
> and EAP-PEAP networks.

I do not really see how the certificates would help at all. First, getting
them has a significant time and cost impact, especially for individuals.
Second, they do not protect you if the operator itself is evil. Third, you
probably do not even need them for protection against man-in-the-middle
attacks. See the last paragraph of my previous link at:
http://michaelblizek.twilightparadox.com/projects/cor/internet_exit.html
Fourth, these certificates might even make it easier to cause intended legal
problems to the hotspot operator.

	-Michi
