[OpenWireless Tech] Eventual (long term) solutions

"Andy Green (林安廸)" andy at warmcat.com
Thu Nov 29 19:50:55 PST 2012


On 11/30/2012 11:44 AM, the mail apparently from John Gilmore included:
>>               I appreciate the improved security of WPA while lamenting
>> the disappearance of open WiFi.   ...
>> The eventual solution is probably something like an OpenID service for
>> 802.1X with access points advertising  their participation via 802.11u.
>
> Just because OpenID has "open" in its name does not mean it is good.
> It's a protocol for identifying yourself.
>
> If people (eventually) need to use OpenID to access an access point,
> then it isn't an open access point.  There is no point in
> authenticating yourself to an open port -- it would be like
> authenticating the AC power plug you stick in the wall socket, or
> authenticating the Ethernet cable you plug into a switch port.  We
> could build power sockets and Ethernet switches that way, but if we
> did, only niche markets would use them.  Everybody else would just
> keep using the open ones that don't hassle you when you try to use
> 'em.  (HDMI requires authentication every time it gets plugged in, due
> to its origins in Hollywood cartel DRM and the Intel monopoly, and
> it's caused endless hassle to consumers.)

Just a nit: HDMI itself is more like the power sockets you mention above.
There's some optional DRM junk on top, but separate, called HDCP, that
makes the trouble.  HDMI without HDCP is pretty collegial.

> I think a better eventual solution is to provide a WPA-like protocol
> that doesn't assign the exact same key to everyone who supplies the
> same password (WPA does that, oops!).  If the protocol did
> Diffie-Hellman, then each node that connects would get a unique key,
> that is shared only with the access point.  This protocol could be
> used both on the WPA (restricted, personal) side of the access point,
> and on the open (unrestricted, public) side.  Any WiFi node that used
> this protocol would protect itself from its traffic being sniffed by
> anyone except the access point itself.  Doing this would require
> working in the 802.11 standards committees to define and find
> agreement on such a protocol, to be deployed in future WiFi hardware.
> WiFi keeps evolving quickly, with new generations every few years,
> so there is plenty of opportunity to improve the security protocols
> in subsequent generations.

This'll solve the local peer sniffing problem.

But (and it seems not everyone is ready to agree they are problems) it 
doesn't solve the malicious AP snooping side or the "AP operator is 
legally responsible for client use of their IP" problem.

-Andy
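To make the two sides of the exchange above concrete, here is an added example (not code from the post, and not any project's implementation) in Python. The first half follows the 802.11i derivations for WPA/WPA2-Personal: the passphrase and SSID give every client the same PMK, and the per-session PTK is expanded from that PMK plus the two MAC addresses and two nonces, all of which travel in the clear in the 4-way handshake, so a peer who knows the passphrase and captures the handshake recomputes any other client's PTK. The second half is the Diffie-Hellman shape Gilmore proposes: each client ends up with a key it shares only with the AP, and a passive observer holding the whole transcript gets nothing. The DH group is a toy 128-bit safe prime generated in the block (an assumption standing in for a standardised group), and the brute-force "sniffer" is a budgeted discrete-log attempt that simply gives up. Note that unauthenticated DH stops local peers, not an active rogue AP, which is the residual problem Andy's reply points at.

```python
"""Added example (not code from the post): shared-PSK sniffing vs. per-client
Diffie-Hellman keys.  PMK/PTK derivations follow 802.11i; the DH group is a toy
128-bit safe prime generated here (assumption: stand-in for a standard group)."""
import hashlib
import hmac
import secrets


# --- WPA/WPA2-Personal: the passphrase gives every client the same PMK ---
def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    # 802.11i: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    # 802.11i PRF-512: HMAC-SHA1(PMK, label || 0x00 || data || i), i = 0..3, cut to 64 bytes.
    # Both MACs and both nonces are sent in the clear in the 4-way handshake,
    # so anyone holding the PMK can recompute this PTK from a capture.
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    label = b"Pairwise key expansion"
    out = b"".join(hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
                   for i in range(4))
    return out[:64]


def psk_demo(passphrase: str = "correct horse battery", ssid: str = "OpenWireless") -> bool:
    """Two clients associate; a third party with the same passphrase captures
    the (constructed) handshakes and derives both clients' PTKs."""
    aa = bytes.fromhex("001122334455")                          # AP MAC (constructed)
    clients = [bytes.fromhex("66778899aabb"), bytes.fromhex("ccddeeff0011")]
    pmk = wpa_pmk(passphrase, ssid)
    captured, real_ptks = [], []                                # captured = sniffer's view
    for spa in clients:
        anonce, snonce = secrets.token_bytes(32), secrets.token_bytes(32)
        real_ptks.append(wpa_ptk(pmk, aa, spa, anonce, snonce))
        captured.append((aa, spa, anonce, snonce))
    # Sniffer: same passphrase -> same PMK -> every PTK from the captured handshake.
    sniffed = [wpa_ptk(wpa_pmk(passphrase, ssid), *frame) for frame in captured]
    return sniffed == real_ptks and real_ptks[0] != real_ptks[1]


# --- Diffie-Hellman: a key the AP shares with one client only ---
def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):                                     # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def toy_safe_prime(bits: int = 128) -> int:
    # Toy group for illustration only; real deployments use standardised groups.
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if _is_probable_prime(q) and _is_probable_prime(2 * q + 1):
            return 2 * q + 1


def _kdf(shared: int, p: int) -> bytes:
    return hashlib.sha256(shared.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


def dh_session(p: int, g: int):
    """One client/AP exchange.  Returns (client_key, ap_key, transcript);
    the transcript (p, g, A, B) is everything a passive sniffer sees."""
    a = secrets.randbelow(p - 2) + 1                            # client ephemeral secret
    b = secrets.randbelow(p - 2) + 1                            # AP ephemeral secret
    A, B = pow(g, a, p), pow(g, b, p)
    return _kdf(pow(B, a, p), p), _kdf(pow(A, b, p), p), (p, g, A, B)


def dh_sniffer(transcript, budget: int = 1 << 16) -> "bytes | None":
    # Without a or b the only route to the key is the discrete log of A;
    # try `budget` exponents and give up.
    p, g, A, B = transcript
    x = 1
    for a in range(1, budget + 1):
        x = x * g % p
        if x == A:
            return _kdf(pow(B, a, p), p)
    return None


def dh_demo(bits: int = 128) -> dict:
    p = toy_safe_prime(bits)
    g = 4                                                       # quadratic residue: order q
    (k1, ap1, t1), (k2, ap2, _) = dh_session(p, g), dh_session(p, g)
    return {"keys_match": k1 == ap1 and k2 == ap2,              # each client agrees with the AP
            "keys_unique": k1 != k2,                            # and holds its own key
            "sniffer_key": dh_sniffer(t1)}                      # None: transcript alone is useless


if __name__ == "__main__":
    print("PSK: sniffer with the passphrase recovers every PTK:", psk_demo())
    print("DH :", dh_demo())
```

`psk_demo()` returns True because the sniffer's recomputed PTKs equal the clients' real ones, which is exactly the "same key to everyone who supplies the same password" problem; `dh_demo()` shows both parties agreeing on a key, the two clients holding different keys, and the transcript-only attacker returning None. Swapping the toy prime for a standardised group changes nothing in the protocol shape.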
