[OpenWireless Tech] Allow only open VPN traffic

Alexander List alex at list.priv.at
Sat Jul 30 20:29:15 PDT 2011


On 07/30/2011 01:47 PM, Peter Eckersley wrote:

> You both have good points here :)
>
Thanks for being diplomatic :)

> At some point in the not too distant future, this list should start focussing
> on requirements.  But it's probably fine to start with a rambling discussion
> of ways that things could be done, in order to have explored the space of
> possibilities decently well.
>
OK, fair enough - that's a very good idea.

As far as I understood, the ultimate goal of the entire initiative is to
make sure that there will still be open WiFi hotspots available in the
long run. One important milestone on the way there is to make Internet
access via hotspots secure (confidentiality, integrity, availability),
both for the users and for the operators of these hotspots. Ideally,
this is achieved while preserving anonymity, just to cater for the needs
of less democratic environments. It sounds diametrically
incompatible to have both security for hotspot operators and anonymity
for users, but I believe with so many smart people on this list, we'll
figure a way to get there ;)

I like splitting "big", seemingly unachievable distant goals into
smaller chunks that can be discussed and worked on individually. It's
called salami tactics.

People on this list have started discussing different important topics,
like how to protect the privacy of users with encryption (aka VPN), and
how to protect the hotspot operators from legal issues caused by "not so
friendly" users of their hotspots.

Unfortunately, the legal aspects vary from country to country, so
eventually instead of a "one fits it all" approach, we'll have to have
some kind of modularity/flexibility here to allow for different legal
domains, just like the radio parameters of 802.11 devices like channels
and power limits are adjusted based on the regulatory domain.

We're techies here on this list, and I don't think we should try to
solve (all) the legal aspects. What we can do however is help lawmakers
understand how the Internet works (generally, they have a huge lack of
cluons), and help them improve the laws.

We need to make sure they are aware that certain aspects like the German
"Mitstörerhaftung", i.e. civil co-liability for anything a user does via
your open access points, are fundamentally incompatible with an open
Internet. It is then a political decision whether one favours
ubiquitous, open Internet access or protecting third party interests, or
a balanced approach.

Fortunately, the technical aspects are most likely the same all over the
planet, because everyone (except .cn)[1] is using a subset of IEEE 802,
that's the foundation we should build upon. I'm CCing Vic Hayes here,
who was the first chairman of the IEEE 802.11 working group, who is a
tireless warrior against the Digital Divide and a founding member of the
Open Spectrum Alliance. [2]

I think we should try to reuse existing, proven technologies whenever
possible, and only if we find that they lack certain features that we
need to achieve our goal, try to define a new standard. New standards
should come with two independent reference implementations, ideally
successful field tests and can then go through the appropriate
standardization process in the IEEE and/or IETF, whichever is more
appropriate.

Just my 5c - please forgive me if I stay on the meta level here, but I
believe it is important that we're all on the same page before we start
digging into details :)

Alex

[1] http://en.wikipedia.org/wiki/WLAN_Authentication_and_Privacy_Infrastructure
[2] http://openspectrum.eu/
