[OpenWireless Tech] Open secure wireless

Mitar mmitar at gmail.com
Thu Jun 18 15:31:57 PDT 2015


Hi!

I think the main approach I would take is to not have any special
private key on the router, but just do session-based encryption. WPA2
is already doing that. (Of course, it is not perfect, if you listen to
initial frames you can decrypt traffic.) You should need a private key
only to prevent MITM attacks. But for example for mesh networks there
are so many other ways to do MITM that it is questionable how much it
would be worth to try to prevent it on the client connection.


Mitar

On Thu, Jun 18, 2015 at 12:55 AM, Russell Senior
<russell at personaltelco.net> wrote:
> Does this idea require keeping a private key on the router?  If so,
> that's a problem, since routers are often quite vulnerable to physical
> access.  If an entire community network relied on a single certificate
> for authentication across all of their infrastructure (based on their
> extended SSID), then losing one AP could mean complete compromise.
>
> On Thu, Jun 18, 2015 at 12:18 AM, Diderik van Wingerden
> <diderik at think-innovation.com> wrote:
>> Hi Mitar,
>>
>> Thanks for sharing. I am no expert on the subject, but it sounds like a
>> great addition to open wireless (and wireless networking in general). So
>> would it be possible to implement this in LibreCMC (or OpenWRT) for
>> example? And would it then require something on the client's end? Like a
>> new driver or certificate, as you mention? I mean, the solution would of
>> course be adopted much faster if a client install/config of some sort
>> would not be necessary, or at least be super easy.
>>
>> best regards,
>> Diderik
>>
>>
>> On 17-06-15 21:00, tech-request at openwireless.org wrote:
>>> Message: 1
>>> Date: Wed, 17 Jun 2015 04:33:16 -0700
>>> From: Mitar <mmitar at gmail.com>
>>> To: tech at openwireless.org
>>> Subject: [OpenWireless Tech] Open secure wireless
>>> Message-ID:
>>>       <CAKLmikP830_XKz2aAiW0wpD7fAOS+OZGUG46sOBC1fG8JHGXHw at mail.gmail.com>
>>> Content-Type: text/plain; charset=UTF-8
>>>
>>> Hi!
>>>
>>> Reading this old post:
>>>
>>> https://www.eff.org/deeplinks/2011/04/open-wireless-movement
>>>
>>> I wanted to point out some research done on this some time ago:
>>>
>>> http://www.riosec.com/articles/Open-Secure-Wireless
>>> http://www.riosec.com/articles/Open-Secure-Wireless/Open-Secure-Wireless.pdf
>>>
>>> And also some progress:
>>>
>>> http://www.riosec.com/articles/open-secure-wireless-20
>>>
>>> If you are not doing that already, I think EFF should get on board with
>>> supporting those changes to the standard.
>>>
>>> (BTW, originally, as presented in the 1.0 paper, the WiFi standard does
>>> allow open and secure connections, just no operating system really
>>> implements it because they all first prompt for the password, before
>>> trying to connect to the encrypted WiFi network to figure out whether the
>>> password is really required.)
>>>
>>>
>>> Mitar
>>>
>>
>> --
>> Warm regards, hartelijke groet,
>>
>> Diderik van Wingerden
>> +31621639148
>> http://www.think-innovation.com/
>>
>> "Do what is right."
>>



-- 
http://mitar.tnode.com/
https://twitter.com/mitar_m


