Another example for a secure wireless mesh can be GNUnet.
It does not require a central instance that could be compromised.
Every AP/client has its own (public) key.
without the need of central authorities.
The standard GNUnet although has Perfect Future Secrecy.
feature too.
Post by Christopher Byrd
WPA-Enterprise requires a private key on the authentication server, but
the AS doesn't have to run on the access point. In a distributed
scenario like a community network, it's likely there would be a
centralized AS. If you use good practices and don't use the same RADIUS
key for all routers, then losing one AP would likely compromise only
sessions on that AP. The exception here is if fast credential roaming
(like 802.11r) is used, in which case other sessions may be cached on
the AP as well. Some distributed wireless systems use a lightweight AP
and centralized controller (split-MAC architecture); in those instances
not much of value (other than the hardware) is lost when an AP is
compromised.
Christopher
On Thu, Jun 18, 2015 at 2:55 AM, Russell Senior
Does this idea require keeping a private key on the router? If so,
that's a problem, since routers are often quite vulnerable to physical
access. If an entire community network relied on a single certificate
for authentication across all of their infrastructure (based on their
extended SSID), then losing one AP could mean complete compromise.
On Thu, Jun 18, 2015 at 12:18 AM, Diderik van Wingerden
Hi Mitar,
Thanks for sharing. I am no expert on the subject, but it sounds like a
great addition to open wireless (and wireless networking in general). So
would it be possible to implement this in LibreCMC (or OpenWRT) for
example? And would it then require something on the client's end? Like a
new driver or certificate, as you mention? I mean, the solution would of
course be adopted much faster if a client install/config of some sort
would not be necessary, or at least be super easy.
best regards,
Diderik
Message: 1
Date: Wed, 17 Jun 2015 04:33:16 -0700
Subject: [OpenWireless Tech] Open secure wireless
Content-Type: text/plain; charset=UTF-8
Hi!
https://www.eff.org/deeplinks/2011/04/open-wireless-movement
http://www.riosec.com/articles/Open-Secure-Wireless
http://www.riosec.com/articles/Open-Secure-Wireless/Open-Secure-Wireless.pdf
http://www.riosec.com/articles/open-secure-wireless-20
If you are not doing that already, I think EFF should get on board with
supporting those changes to the standard.
(BTW, originally, as presented in the 1.0 paper, the WiFi standard does allow
open and secure connections, just no operating system really
implements it because they all first prompt for the password, before
trying to connect to the encrypted WiFi network to figure out if the
password is really required.)
Mitar
--
Warm regards, hartelijke groet,
Diderik van Wingerden
+31621639148
http://www.think-innovation.com/
"Do what is right."
_______________________________________________
Tech mailing list
https://srv1.openwireless.org/mailman/listinfo/tech
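Christopher Byrd's point in the thread above, that reusing one RADIUS key on all routers widens what a single lost AP exposes, can be checked mechanically. The following is an added example, not part of any message in the thread: it parses a FreeRADIUS-style clients.conf and lists which clients share a secret. The sample configuration (client names, addresses, secrets) is constructed, and comment handling is simplified: a `#` inside a quoted secret is not supported.

```python
import re
from collections import defaultdict

# Constructed sample in FreeRADIUS clients.conf syntax (names, IPs, secrets invented).
SAMPLE_CLIENTS_CONF = """
client ap-north {
    ipaddr = 10.20.0.11
    secret = Xq7-north-4f1c
}
client ap-south {
    ipaddr = 10.20.0.12
    secret = community-wifi
}
# client ap-old { secret = community-wifi }   (disabled, must be ignored)
client ap-east {
    ipaddr = 10.20.0.13
    secret = "community-wifi"
}
"""

CLIENT_BLOCK = re.compile(r"^\s*client\s+(\S+)\s*\{(.*?)\}", re.S | re.M)
SECRET_LINE = re.compile(r"^\s*secret\s*=\s*(\"[^\"]*\"|\S+)", re.M)

def strip_comments(text):
    """Drop '#' comments so disabled clients are not counted."""
    return "\n".join(line.split("#", 1)[0] for line in text.splitlines())

def parse_clients(text):
    """Return {client_name: secret} for every client block that sets a secret."""
    clients = {}
    for name, body in CLIENT_BLOCK.findall(strip_comments(text)):
        match = SECRET_LINE.search(body)
        if match:
            clients[name] = match.group(1).strip('"')
    return clients

def shared_secrets(clients):
    """Group clients by secret; return only the groups with more than one AP."""
    groups = defaultdict(list)
    for name, secret in clients.items():
        groups[secret].append(name)
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)

if __name__ == "__main__":
    for names in shared_secrets(parse_clients(SAMPLE_CLIENTS_CONF)):
        # Report client names only; never print the secret itself.
        print("shared RADIUS secret across:", ", ".join(names))
```

Each group it reports is a set of APs where extracting the key from one router also yields the key the others use to talk to the authentication server.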