[OpenWireless Tech] Securing Open Wireless
"Andy Green (林安廸)"
andy at warmcat.com
Thu Jul 28 12:21:13 PDT 2011
On 07/28/2011 08:05 PM, Somebody in the thread at some point said:
> On Thu, Jul 28, 2011 at 12:54 PM, "Andy Green (林安廸)"<andy at warmcat.com> wrote:
>> Well, you jumped from it currently being difficult to set up, to it "not
>> providing the solution". They can be made easier to set up.
>
> VPN both is difficult to set up, and doesn't provide the solution.
> Even assuming they are made easier (for example, SSL-based VPN), they
> will remain inaccessible to a large majority of people.
Again, "doesn't provide the solution" is disconnected from "difficult to
set up". Yes, you need to put your WPA passphrase in both your wireless
router and all your mobile devices. VPN setup with PSK is at the same
level of "difficulty", you generate or type the phrase at your home
router and put it on devices you wish to remotely access the router with.
So it does "provide the solution" for AP IP misuse and client crypto
through the AP and internet to the home router. If you want to reply
again that it somehow does not solve something, please explain why.
> With this you are assuming that the majority of people...
> would be comfortable with copy/pasting, downloading and distributing
Yes, exactly like they are comfortable doing it for WPA passhrases, and
according to my travels, that must be hundreds of millions of users already.
> I am not a lawyer, and legal liability (other than my own) is not my
That's OK I'm not planning to run an open AP based on your opinion ^^
In fact people have gotten into trouble all over the place, including
the US and UK for IP addresses they are responsible for turning up in
logs of transactions that are illegal.
>> VPNs uniquely have the effect of removing the AP's IP from the equation and
>> that's quite key for people to actually turn this on and offer this I
>> believe.
>
> Are you sure that it would remove liability, or even that there is
It removes evidence in the third-party logs that can even identify this
AP as being part of the connection, just like the many ISP routers your
packets pass through are not formally part of the connection.
-Andy
More information about the Tech
mailing list