Wiki's lack of HardSecurity has meant that they have developed a slightly different notion of security which they call SoftSecurity. It is designed to protect the system while interferring as little as possible with the under users ability to participate.

Below is a message from AdamShand to the MailingList discussing why he thinks it's important for CommunityNetworks to adopt this philosophy. It needs to be cleaned up and refactored into something a little more coherant. In the mean time it's better then nothing :-)

> Can access to an AP be restricted by MAC address?

not all ap's support this feature but many do. however it's not not very good authentication because it's trivial to spoof a mac address. in fact i've been told that the old lucent drivers for windows actually have a box where the user can type in whatever they like for their mac address.

{{{> If so couldn't a person "sign up" for access via a web site > where they enter their MAC address (or the website somehow reads > it). We would then have a database of MAC address and all of > the APs could be updated via a script to allow the new user access. > > I'm not sure if this follows the discussion but it would be a type > of authentication.}}}

it certainly would be a type of authentication. here's where i will rant though. :-)

wiki's have a notion of SoftSecurity. the basic idea is that where security can't make a differnece, it shouldn't. further that as much as possible security should be behind the scene and influence the user as little as possible.

it takes a while for the true import of this to sink in but once it does it's pretty profound (at least it was for me coming from *very* security conscious environments).

so, lets examine this idea. the first premise is that you are building an *OPEN* network, and that you want people who you don't know (and inherently can't trust) to be able to easily access it. now if you want to be able to authenticate users you have to allow them to create accounts some how, you have two options:

if you do the second one then you you do indeed by yourself some increased security (or at least auditability). if nothing else you have a chance of tracking down their physical presence and kicking their ass or calling the cops. however you've just made your network *MUCH* less open. if you do credit card checks you exclude children and some adults, if you do adress or sponsor checks you exclude the random well intentioned traveler how just happens to be passing by and wants to check their email for 30 minutes.

if you do the first one, then you give the appearance of security (they have an account you can disable) but there is absolutely nothing to stop them from signing up with anohter account 5 minutes after you disable the first one.

so ... given that. we made the decision long ago to deliberatly leave the network open and to trust people. we are developing the idea of NetworkSoftSecurity and are working on ways to stop users from being "bad" and protect node operators liability without interferring with the end users experience or buying ourselves management hassle.

i really need to put this up on the wiki somewhere so i stop writing it over and over :-)



SoftSecurity (last edited 2007-11-23 18:02:50 by localhost)