[OpenWireless Tech] The police came to the AP owner first, then sniffed the air to find real culprit

"Andy Green (林安廸)" andy at warmcat.com
Thu Jan 3 00:41:06 PST 2013


On 03/01/13 15:08, the mail apparently from californiajack at tormail.org 
included:

>> solutions in parallel without spending so much energy knocking down
>> other people's ideas, more progress will be made. That's not to say
>
> These are old ideas, and knocking them down is as easy as knocking WEP
> down. They are suboptimal, and people should be made aware of the HUGE

What do you mean by comparing VPN to WEP, that it is insecure like WEP?
It is not.

> weaknesses, in this case the weakness is primarily that VPN is a
> client-server solution, and asking all clients and all servers to
> implement it will end up in the same situation we are in now. The weakness

SSL is a "client server solution" that has done great and has spread to
even computationally weak and inexpensive clients, hell even HTTP is a
"client server solution".  So is the WPA / AP model itself.  Not sure what
insight you think it is bringing to the table to say that VPN is bad
because there are clients and servers.  It's already proposed that home
routers become the "VPN server" for the remote owner, solving
provisioning and secure setup for VPN clients by doing it at his home
network as a one-off.

> really isn't a protocol one, but one of application. The proof is in the
> pudding: because VPN as a solution to wifi has already been recommended a
> long time ago, and no one uses it a decade later because it is impractical
> and hack-ish.

Plenty of people use corporate VPN over unsecured Wifi, because it's a
very nice solution allowing the use of even hostile APs without
compromising the ability to use content from the secure network safely.
Those are characteristics we can all benefit from.

The additional benefit above that is that VPN-only APs can decouple 
themselves from responsibility for what that secure client traffic is, 
since the AP IP is not used to get it from the Internet.

Do you have a way to get those characteristics from a better scheme? 
Let's talk about that if so.

-Andy


