[OpenWireless Tech] Securing Open Wireless

Michael Blizek michi1 at michaelblizek.twilightparadox.com
Thu Jul 28 10:19:00 PDT 2011


Hi!

On 17:43 Thu 28 Jul, "Andy Green" wrote:
...
> Yeah I don't think the aim should be to authenticate the AP.  The AP
> should not be trusted at all because in fact, you don't know what's
> going on in there and there can and will be malicious APs.
> 
> In the VPN case, like SSL, the encrypted tunnel extends from the
> client to the remote server, the AP is a conduit only for encrypted
> content he can't decrypt.  Then we don't have to care about snooping
> at the untrusted AP, all he sees is encrypted mush to and from the
> VPN server.

VPNs are surely a nice solution too. But then the question is which VPN endpoint
you connect to...

> he doesn't even know what sites you are visiting inside
> the encrypted link since DNS can go down there as well.

The AP operator will see the amount of data transferred and the timing. This
may be enough to know which sites you are seeing. If you want to avoid this,
you will need to add padding.

	-Michi
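
The size padding mentioned in the message above, as an added example that is not part of the original post. The traces, the 512-byte cell size and the power-of-two bucketing are assumptions chosen for illustration; the sketch covers only the amount of data, not timing.

```python
import math

# Constructed sample data: sizes (bytes) of the encrypted records an AP
# would see for three page loads inside a VPN tunnel. Not real measurements.
TRACES = {
    "site_a": [310, 1460, 1460, 870],
    "site_b": [310, 1460, 1460, 1460, 1460, 95],
    "site_c": [512, 1200],
}

CELL = 512  # assumed fixed cell size in bytes


def padded_cells(trace, cell=CELL):
    """Number of fixed-size cells sent for a trace: the payload is re-packed
    into cells, then dummy cells are added up to the next power of two."""
    total = sum(trace)
    needed = max(1, math.ceil(total / cell))
    return 1 << (needed - 1).bit_length()


def observer_view(traces, pad):
    """Group sites by what the AP can observe (total bytes on the wire)."""
    groups = {}
    for site, trace in traces.items():
        seen = padded_cells(trace) * CELL if pad else sum(trace)
        groups.setdefault(seen, []).append(site)
    return groups


def overhead(trace):
    """Bytes sent with padding divided by bytes of real payload."""
    return padded_cells(trace) * CELL / sum(trace)


if __name__ == "__main__":
    for pad in (False, True):
        print("padded" if pad else "unpadded")
        for seen, sites in sorted(observer_view(TRACES, pad).items()):
            print(f"  {seen:6d} bytes -> {sites}")
    for site, trace in TRACES.items():
        print(f"{site}: overhead x{overhead(trace):.2f}")
```

Padding merges site_a and site_b into one observable size while site_c stays in a smaller bucket, so the gain depends on how coarse the buckets are and is paid for in extra traffic.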
