Re: [saag] Would love some feedback on Opportunistic Wireless Encryption

Warren Kumari <warren@kumari.net> Thu, 27 August 2015 23:49 UTC

From: Warren Kumari <warren@kumari.net>
To: Christian Huitema <huitema@microsoft.com>
Cc: "saag@ietf.org" <saag@ietf.org>

On Wed, Aug 26, 2015 at 2:51 PM, Christian Huitema
<huitema@microsoft.com> wrote:
> On Wednesday, August 26, 2015 10:36 AM, Warren Kumari wrote:
>>
>> On Wednesday, August 26, 2015, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
>>> ...  This is considerably weaker
>>> than many other opportunistic security protocols.  With no protection
>>> against a passive adversary who started monitoring before the victim
>>> joins the network, is this still worth doing?
>>
>> I believe that it is -- I think that the cost to implement this is really really low (I added PoC
>> "support" to OpenWRT in less than an hour, and almost all of that was finding a
>> suitable access point in my basement :-)).
>>
>> I fully acknowledge that this doesn't solve all issues, and doesn't claim to - but I think that for
>> the negligible cost, the incremental security win is worth it.
>
> You have to decide who you are optimizing for. The administrators who cannot be bothered to set a password for the Wi-Fi? If the router starts doing OWE without their knowledge, there will be a great deal of confusion when legacy UI shows the network as encrypted and users ask the bartender for the password.
>
> So let's assume that OWE is explicitly turned on by the administrators. They take the pain to activate the option in the UI.

Yup -- the expectation is that my e.g. Netgear 42Foo will have 3 radio buttons:
[ ] WPA2-PSK (Enter password here ________)
[X] OWE: A slightly less insecure, but still open network.
[ ] Open: No encryption.


> Why is it simpler than just setting a password? The bartender will still get asked for the password by all the legacy customers, and at that point it does not make any difference whether he has to answer "use the name of the network" or "Open Sesame."

The issue for many places is that they specifically do not *want* a
password, not that they simply cannot be bothered to set a password --
for example, in the Prague Hilton lobby there was a network
("Hilton-guest" or "Hilton-lobby" or something like that). It was
intentionally unsecured, so that people didn't have to go along, stand
in the long line for registration and then be told "Oh, yeah, the
password is Password".

You are right that there will be some initial legacy issues -- but if
we can convince Windows 10 Mobile, Apple iOS, and Android to
include support (which seems likely, "support" is trivial - basically
1: try the SSID as the passphrase and 2: don't bother showing a lock
icon) we could get the *huge* majority of devices doing this before
the document is published, and way before CPE starts including the
button.
Even for devices that don't get support added -- after I've asked at 3
coffeeshops what the password is, and they all say "It's the same as
the network name..." I'm likely to start trying the network name if
the SSID name sounds like it may be open (e.g. is the name of the
establishment, contains -guest, -public, or better yet, -owe).

>
> -- Christian Huitema
>
>



-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf
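The two-step client behaviour Warren describes ("try the SSID as the passphrase, don't show a lock icon") and Viktor's caveat about a passive observer, as an added example that is not code from the thread or from any OWE draft. It assumes the "-guest/-public/-owe" naming hint from the email and the standard WPA2-PSK PMK derivation (PBKDF2-HMAC-SHA1, 4096 rounds, 32 bytes); the 8-character minimum is the WPA2 passphrase rule, and `plan_join` / `pmk_known_to_observer` are hypothetical helper names.

```python
import hashlib
import re

# Name suffixes the email suggests as hints that a PSK network is meant to be open.
OPEN_HINT = re.compile(r"-(guest|public|owe)$", re.IGNORECASE)

# Real WPA2-PSK passphrase length limits (8-63 ASCII characters).
MIN_PASSPHRASE, MAX_PASSPHRASE = 8, 63


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """Standard WPA2-PSK master key: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), 4096, 32
    )


def plan_join(ssid: str, security: str) -> dict:
    """Decide how a client treats a scanned network (constructed inputs).

    security: "open" (no encryption) or "psk" (WPA2-PSK) as advertised in beacons.
    Returns the passphrase to try (None if the user must be asked), the UI label,
    and whether a lock icon is justified.
    """
    if security == "open":
        return {"try_passphrase": None, "lock_icon": False,
                "label": "Open: no encryption"}
    if security == "psk" and OPEN_HINT.search(ssid):
        if not MIN_PASSPHRASE <= len(ssid) <= MAX_PASSPHRASE:
            # Edge case: an SSID shorter than 8 chars cannot be a WPA2 passphrase,
            # so the convention cannot apply and the user has to be asked.
            return {"try_passphrase": None, "lock_icon": True,
                    "label": "WPA2-PSK: SSID too short to be the passphrase"}
        # Step 1: try the SSID itself.  Step 2: no lock icon, because the key is
        # derivable from beacon data alone (see pmk_known_to_observer below).
        return {"try_passphrase": ssid, "lock_icon": False,
                "label": "Opportunistic: key is public (SSID as passphrase)"}
    return {"try_passphrase": None, "lock_icon": True,
            "label": "WPA2-PSK: password required"}


def pmk_known_to_observer(ssid: str, client_passphrase: str) -> bool:
    """Viktor's point: with SSID-as-passphrase, anyone who saw the beacon can
    compute the same PMK the client uses, so the 4-way handshake hides nothing
    from a passive observer.  With a real secret passphrase, it cannot."""
    observer_guess = wpa2_pmk(ssid, ssid)          # only public information used
    client_pmk = wpa2_pmk(client_passphrase, ssid)
    return observer_guess == client_pmk
```

The PMK check uses the published IEEE 802.11i test vector (passphrase "password", SSID "IEEE") only to confirm the derivation is the standard one.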