[MLB-WIRELESS] more important issues <aka: guerilla radio is by ninjas, for ninjas. Worked for global IP's development!>

vortex vortex at free2air.net
Fri Nov 2 08:40:03 EST 2001


The issue with IPsec is that it is not ubiquitous in terms of ease of use 
with most people and that it is yet another distraction (or at least a value 
added service) in terms of goals we need to achieve. Well, for the moment ...

Let's think about what controls IPsec gives.

	1. Data Privacy (through encryption)
	2. Data Integrity (through strong data checksumming)
	3. Authentication & Authorisation (though IKE, shared secrets, etc)

All these elements can be important in an IT environment, but usually, it 
depends sensible risk management to evaluate the importance of these controls 
given the information (and its value) that is being transferred.

IMHO, what is useful in joining (on the whole disparate) wireless clusters 
(bawug, free2air, consume, seatlewireless, etc), is tunnelling. To build 
common networked communities beyond a physical geographic domain that RF 
networks are bound by.

What is important, from a free2air perspective, is more to do with what we 
can achieve with joining wireless communities in a real sense, rather than 
implementing the security controls that IPsec offer.

Watch this space real soon ;-)

.vortex

On Tuesday 30 October 2001 12:22 pm, Michael Bailey wrote:
> IPSEC can be used to create a secure tunnel between two hosts. I would like
> to think that anyone running a 'backbone' node would be technical enough to
> set up an IPSEC tunnel to other nodes.
>
> Check out http://www.freeswan.org/ for an open source IPSEC implementation.
>
> WEP is flawed, not useless. It takes more effort to sniff traffic when it
> is encrypted with WEP. Yes, it can be done but you do need to capture 1-3
> GIG traffic before cracking the key. WEP is not going to be much good for
> public access nodes though as it's a 'shared secret' (oxymoron?). The key
> would have to be publicly available and thus trivial to obtain.
>
> - Mike
>
> On Mon, Oct 29, 2001 at 02:22:15PM +1100, Steven Haigh wrote:
> > Hmmmm... I'm not too familiar with IPv6/IPSEC etc... I know *everything*
> > out there has IPV4 support... I was thinking that anything else could
> > provide issues with compatability...
> >
> > I'm all for backbones with encryption, but it comes down to defining
> > backbones... using no encryption is just a matter of plug 'n' connect -
> > which has got to be the most simple way to do things... It also allows
> > the avereage joe to get set up easily, and leave the geeky things to
> > those who love it (I'm on of them :)
> >
> > Signed,
> > Steven Haigh
> >
> > Out the 100Base-T, off the firewall, through the router, down the T1,
> > over the leased line, off the bridge, nothing but Net.
> >
> > The net will not be what we demand, but what we make it. Build it well.
> >
> > ----- Original Message -----
> > From: "Adrian Close" <adrian at close.wattle.id.au>
> > To: <melbwireless at melbwireless.dyndns.org>
> > Sent: Monday, October 29, 2001 1:15 AM
> > Subject: Re: [MLB-WIRELESS] more important issues <aka: guerilla radio is
> > by ninjas, for ninjas. Worked for global IP's development!>
> >
> > > On Sun, 28 Oct 2001, Steven Haigh wrote:
> > > > By this, I mean that the traffic passing between nodes not be
> > > > encrypted
> >
> > as
> >
> > > > to not let other nodes participate that is within radio range.
> > > >
> > > > ie - Joe and Fred have a link, but use encryption so Barney can't
> > > > join
> >
> > the
> >
> > > > link...
> > >
> > > Actually, he can.  If you're talking about using WEP, he just needs the
> > > key.  If you're talking about IPSEC, it doesn't stop Barney
> > > participating in the link anyway - it only stops him sniffing traffic
> > > not destined for him.
> > >
> > > Not that I especially think we need to encrypt traffic on transit links
> > > at the link-layer, but it would make life difficult for the bad guy
> > > that wants to spoof traffic.  This may or may not be a problem...
> > >
> > > What WEP would do is make it a lot harder for Barney to work out that
> > > there _was_ a link in the first place.  Of course, he could always use
> > > the other resources (i.e. web pages) to find Joe and Fred.
> > >
> > > Adrian Close email: adrian at close.wattle.id.au
> > > 1 Old Gippsland Rd. web: http://www.close.wattle.id.au/~adrian
> > > Lilydale, VIC, 3140, Australia mobile: +61 412 385 201
> > >
> > > Echelon teaser: MD5 RX-7 SSL Kiwi TRD DEADBEEF Bubba
> > >
> > >
> > > --
> > > To unsubscribe, send mail to minordomo at melbwireless.dyndns.org with a
> >
> > subject of 'unsubscribe melbwireless'
> >
> > > Archive of the Entire mailinst list at:
> > > http://melbwireless.dyndns.org/cgi-bin/minorweb.pl?A=LIST&L=melbwireles
> > >s
> >
> > --
> > To unsubscribe, send mail to minordomo at melbwireless.dyndns.org with a
> > subject of 'unsubscribe melbwireless' Archive of the Entire mailinst list
> > at:
> > http://melbwireless.dyndns.org/cgi-bin/minorweb.pl?A=LIST&L=melbwireless
>
> --
> To unsubscribe, send mail to minordomo at melbwireless.dyndns.org with a
> subject of 'unsubscribe melbwireless' Archive of the Entire mailinst list
> at:
> http://melbwireless.dyndns.org/cgi-bin/minorweb.pl?A=LIST&L=melbwireless

--
To unsubscribe, send mail to minordomo at melbwireless.dyndns.org with a subject of 'unsubscribe melbwireless'  
Archive of the Entire mailinst list at:
http://melbwireless.dyndns.org/cgi-bin/minorweb.pl?A=LIST&L=melbwireless



More information about the Melbwireless mailing list