[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit
David Fine
dfine at sonic.net
Thu Nov 29 09:16:14 PST 2012
Good question. I appreciate the improved security of WPA while lamenting
the disappearance of open WiFi. The current best solution is for AP
operators to run a private network for themselves and an open one for
guests. It's possible to do securely and with QOS on most routers, and
people affiliated with this list are working on improving OpenWRT to
make it easier. There may be growing pains as the law catches up to the
technology, and many of us are willing to take that small amount of
risk. Because the law is more likely to fall on our side if OpenWiFi is
the norm instead of an exception.
The eventual solution is probably something like an OpenID service for
802.1X with access points advertising their participation via 802.11u.
That still places some trust in the AP operator, so end-to-end SSL
covers the important stuff and a lot of clients will still choose to use
a VPN. It would be ideal if every client had a fast VPN to use, but
that's not the piece of the puzzle openwireless needs to focus on at
this stage.
--DF
> I take it you accept the norm has become WPA. but want to change
> that... so what approach will you take to change people's perception
> (which appears to match the reality for individuals) that it is risky
> to them to run unencrypted? Because unless something changes they
> won't move off WPA.
>
> -Andy
>
>> On 11/28/12 7:54 PM, Eugene Smiley wrote:
>>> On Wed, Nov 28, 2012 at 9:42 PM, Brad Knowles <brad at shub-internet.org
>>> <mailto:brad at shub-internet.org>> wrote:
>>>
>>> On Nov 28, 2012, at 6:14 PM, Eugene Smiley <eug.smiley at gmail.com
>>> <mailto:eug.smiley at gmail.com>> wrote:
>>>
>>> > WPA is easy compared to setting up a VPN, firewall rules, and
>>> some form of
>>> > dyndns all at once. WPA is easy compared to flashing firmware on
>>> your
>>> > router were someone has already magically set up a VPN, firewall
>>> rules, and
>>> > dyndns.
>>>
>>> And WEP is simpler still. So maybe everyone should be forced to
>>> use WEP instead
>>>
>>>
>>> Context is everything and the part you left out is that the context
>>> here is the overly complex system that a Phone Home VPN would require
>>> of user who likely can type in a passphrase but not do the others
>>> quoted.
>>>
>>> http://lmgtfy.com/?q=internet+cafe+raid
>>>
>>>
>>> Touche, sir.
>>>
>>>
>>> _______________________________________________
>>> Tech mailing list
>>> Tech at srv1.openwireless.org
>>> https://srv1.openwireless.org/mailman/listinfo/tech
>>
>>
>>
>> _______________________________________________
>> Tech mailing list
>> Tech at srv1.openwireless.org
>> https://srv1.openwireless.org/mailman/listinfo/tech
>>
>
More information about the Tech
mailing list