[OpenWireless Tech] Securing Open Wireless
Natanael
natanael.l at gmail.com
Thu Jul 28 23:18:29 PDT 2011
Comments below:
Den 29 jul 2011 06.16 skrev "Michael Blizek" <
michi1 at michaelblizek.twilightparadox.com>:
>
> Hi!
>
> On 15:27 Thu 28 Jul , Christopher Byrd wrote:
> > On Thu, Jul 28, 2011 at 2:49 PM, Michael Blizek
> > <michi1 at michaelblizek.twilightparadox.com> wrote:
> > >> That's part of it. Systems leak a lot of information before the VPN
is
> > >> established, and most of it is protocols other than HTTP.
> > >
> > > Then the VPN is broken and can be fixed. VPNs should not allow any
traffic
> > > bypassing. On my systems, when the VPN is down, data simply gets
dropped.
> >
> > Really? How do you log into the wireless hotspot captive portals then?
>
> These portals will need to die at some point anyway. You have said
yourself
> what kind of cache poisoning attacks will became possible. Also these
portal
> are annoying and make some things hard or impossible - like mobile phones
> transparantly using them.
Well, this is exactly why we these discussions.
Why not create a standardized API for precisely that? (About the
transparency thing.)
There could be a way to tell clients that some things are allowed, some
aren't and that there are certain terms and requirements.
About the security, I think we can get that working anyway. And as said (or
implied) before, these screens are ONLY for use when the AP owner want all
users to use VPNs, only, and if they use two-way authentication with the
VPNs then what's the big deal? What can anybody do that they couldn't
before?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.eff.org/pipermail/tech/attachments/20110729/e4ad2adf/attachment.html>
More information about the Tech
mailing list