[OpenWireless Tech] Securing Open Wireless

Christopher Byrd chris at riosec.com
Thu Jul 28 12:05:54 PDT 2011


On Thu, Jul 28, 2011 at 12:54 PM, "Andy Green (林安廸)" <andy at warmcat.com> wrote:
> Well, you jumped from it currently being difficult to set up, to it "not
> providing the solution".  They can be made easier to set up.

VPN is both difficult to set up and doesn't provide the solution.
Even assuming they are made easier (for example, SSL-based VPN), they
will remain inaccessible to a large majority of people.

>
> For example folks with a wireless router are used to connecting to it with a
> browser and configuring its SSID name and other parameters.  If it had an
> additional checkbox to turn on VPN service and a field with an autogenerated
> random Pre-Shared Key for you to copy and paste, or button for .p12 download
> for self-signed client cert setup on your other devices, I think that'd be
> easy enough.  And that is certainly "providing the solution".

With this you are assuming that the majority of people...
- would be comfortable with copy/pasting, downloading and distributing
  keys from their wireless routers.
- know how to log into their wireless router.
- even have a wireless router at all
- are allowed to run a VPN service by a person's home ISP
- have a home internet connection in the first place.

> I think you're right that solves the snooping issue between the user and the
> AP, but this proposal does not solve the liability problem for the AP
> operator since everything the anonymous users do goes out with his IP.

I am not a lawyer, and legal liability (other than my own) is not my
problem. I am proposing a technical solution to a technical problem -
how to secure open wireless networks. Let the lawyers and politicians
deal with the law.

And as I mentioned before, securing the wireless channel does not
prevent secondary authentication through captive portals, hotspot VPN
requirements, traffic filtering or prioritization; and in some cases
it enables and helps secure those things.

> VPNs uniquely have the effect of removing the AP's IP from the equation and
> that's quite key for people to actually turn this on and offer this I
> believe.

Are you sure that it would remove liability, or even that there is
liability in the first place? Isn't it possible that hotspot operators
operating in good faith are exempt from liability? I think that is a
question for a lawyer to answer, unless you happen to be one - and
even still the answer would differ based upon jurisdiction.

Christopher


