Hi all, Another example for a secure wireless mesh can be GNUnet. It does not require a central instance that could be compromised. Every AP/client has his own (public)key. Filesharing is anonymous already, they are implementing Onion Routing without the need of central authorities. The standard GNUnet although has Perfect Future Secrecy. Right know i don't know wether the tiny packaging will include that feature too. It's still in process: https://github.com/openwrt/packages/tree/master/net/gnunet
Cheers Demos Am 18.06.2015 um 23:22 schrieb Christopher Byrd: > > WPA-Enterprise requires a private key on the authentication server, but > the AS doesn't have to run on the access point. In a distributed > scenario like a community network, it's likely there would be a > centralized AS. If you use good practices and don't use the same RADIUS > key for all routers, then loosing one AP would likely compromise only > sessions on that AP. The exception here is if fast credential roaming > (like 802.11r) is used, in which case other sessions may be cached on > the AP as well. Some distributed wireless systems use a lightweight AP > and centralized controller (split-MAC architecture); in those instances > not much of value (other than the hardware) is lost when an AP is > compromised. > > Christopher > > On Thu, Jun 18, 2015 at 2:55 AM, Russell Senior > <[email protected] <mailto:[email protected]>> wrote: > > Does this idea require a keeping a private key on the router? If so, > that's a problem, since routers are often quite vulnerable to physical > access. If an entire community network relied on a single certificate > for authentication across all of their infrastructure (based on their > extended SSID), then losing one AP could mean complete compromise. > > On Thu, Jun 18, 2015 at 12:18 AM, Diderik van Wingerden > <[email protected] <mailto:[email protected]>> > wrote: > > Hi Mitar, > > > > Thanks for sharing. I am no expert on the subject, but it sounds > like a > > great addition to open wireless (and wireless networking in > general). So > > would it be possible to implement this in LibreCMC (or OpenWRT) for > > example? And would it then require something on the client's end? > Like a > > new driver or certificate, as you mention? I mean, the solution > would of > > course be adopted much faster if a client install/config of some sort > > would not be necessary, or at least be super easy. > > > > best regards, > > Diderik > > > > > > On 17-06-15 21:00, [email protected] > <mailto:[email protected]> wrote: > >> Send Tech mailing list submissions to > >> [email protected] <mailto:[email protected]> > >> > >> To subscribe or unsubscribe via the World Wide Web, visit > >> https://srv1.openwireless.org/mailman/listinfo/tech > >> or, via email, send a message with subject or body 'help' to > >> [email protected] > <mailto:[email protected]> > >> > >> You can reach the person managing the list at > >> [email protected] > <mailto:[email protected]> > >> > >> When replying, please edit your Subject line so it is more specific > >> than "Re: Contents of Tech digest..." > >> > >> > >> Today's Topics: > >> > >> 1. Open secure wireless (Mitar) > >> > >> > >> > ---------------------------------------------------------------------- > >> > >> Message: 1 > >> Date: Wed, 17 Jun 2015 04:33:16 -0700 > >> From: Mitar <[email protected] <mailto:[email protected]>> > >> To: [email protected] <mailto:[email protected]> > >> Subject: [OpenWireless Tech] Open secure wireless > >> Message-ID: > >> > <caklmikp830_xkz2aaiw0wpd7faos+ozgug46sobc1fg8jhg...@mail.gmail.com > > <mailto:caklmikp830_xkz2aaiw0wpd7faos%[email protected]>> > >> Content-Type: text/plain; charset=UTF-8 > >> > >> Hi! > >> > >> Reading this old post: > >> > >> https://www.eff.org/deeplinks/2011/04/open-wireless-movement > >> > >> I wanted to point some research done on this some time ago: > >> > >> http://www.riosec.com/articles/Open-Secure-Wireless > >> > > http://www.riosec.com/articles/Open-Secure-Wireless/Open-Secure-Wireless.pdf > >> > >> And also some progress: > >> > >> http://www.riosec.com/articles/open-secure-wireless-20 > >> > >> If you are not doing that already, I think EFF should get on board of > >> supporting those changes to the standard. > >> > >> (BTW, originally, as presented in 1.0 paper, WiFi standard does allow > >> open and secure connections, just no operating system really > >> implements it because they all first prompt for the password, before > >> trying to connect to the encrypted WiFi network to figure out the > >> password is really required.) > >> > >> > >> Mitar > >> > > > > -- > > Warm regards, hartelijke groet, > > > > Diderik van Wingerden > > +31621639148 <tel:%2B31621639148> > > http://www.think-innovation.com/ > > > > "Do what is right." > > > > _______________________________________________ > > Tech mailing list > > [email protected] <mailto:[email protected]> > > https://srv1.openwireless.org/mailman/listinfo/tech > _______________________________________________ > Tech mailing list > [email protected] <mailto:[email protected]> > https://srv1.openwireless.org/mailman/listinfo/tech > > > > > _______________________________________________ > Tech mailing list > [email protected] > https://srv1.openwireless.org/mailman/listinfo/tech > -- Echt Dezentrales Netz - EDN: The goal of EDN is to verify the applicability of existing technologies and solutions, and to integrate them in a comprehensive product. High level security communication via an Open Wireless Meshnet including several services. https://wiki.c3d2.de/Echt_Dezentrales_Netz/en Key here: https://pgp.mit.edu/pks/lookup?op=get&search=0x9B365E2DBF83D308
0xBF83D308.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Tech mailing list [email protected] https://srv1.openwireless.org/mailman/listinfo/tech
