[OpenWireless Tech] Securing Open Wireless

"Andy Green (林安廸)" andy at warmcat.com
Thu Jul 28 12:21:13 PDT 2011 

On 07/28/2011 08:05 PM, Somebody in the thread at some point said:
> On Thu, Jul 28, 2011 at 12:54 PM, "Andy Green (林安廸)"<andy at warmcat.com>  wrote:
>> Well, you jumped from it currently being difficult to set up, to it "not
>> providing the solution".  They can be made easier to set up.
>
> VPN both is difficult to set up, and doesn't provide the solution.
> Even assuming they are made easier (for example, SSL-based VPN), they
> will remain inaccessible to a large majority of people.

Again, "doesn't provide the solution" is disconnected from "difficult to 
set up".  Yes, you need to put your WPA passphrase in both your wireless 
router and all your mobile devices.  VPN setup with PSK is at the same 
level of "difficulty", you generate or type the phrase at your home 
router and put it on devices you wish to remotely access the router with.

So it does "provide the solution" for AP IP misuse and client crypto 
through the AP and internet to the home router.  If you want to reply 
again that it somehow does not solve something, please explain why.

> With this you are assuming that the majority of people...
> would be comfortable with copy/pasting, downloading and distributing

Yes, exactly like they are comfortable doing it for WPA passhrases, and 
according to my travels, that must be hundreds of millions of users already.

> I am not a lawyer, and legal liability (other than my own) is not my

That's OK I'm not planning to run an open AP based on your opinion ^^ 
In fact people have gotten into trouble all over the place, including 
the US and UK for IP addresses they are responsible for turning up in 
logs of transactions that are illegal.

>> VPNs uniquely have the effect of removing the AP's IP from the equation and
>> that's quite key for people to actually turn this on and offer this I
>> believe.
>
> Are you sure that it would remove liability, or even that there is

It removes evidence in the third-party logs that can even identify this 
AP as being part of the connection, just like the many ISP routers your 
packets pass through are not formally part of the connection.

-Andy

More information about the Tech mailing list