I'm at the O'Reilly Emerging Technology Conference, in Rob Flickenger's tutorial on building community wireless networks. Rob's been running down NoCat, O'Reilly's open source wireless authentication service. The idea is to permit you to open up your wireless link to the public without making yourself a launching-off point for malicious network activity (and without having your network sucked dry by passers-by who saturate your connection downloading giant files). Rob got big wows by whipping out a $40 embedded Linux box that requires no fan or ventilation.
The NoCat stuff has got tons of juicy paranoid seekrit-agent stuff built in to prevent malicious attacks and authentication spoofing, but no transport-layer security (You can be sure that you're actually connecting to the authentication server, but not sure that no one is reading your email over your shoulder). That stuff is, of course, properly the domain of protocol-security (i.e., ssh and SSL), but civilians (me included) have a hard time getting that stuff to work. I want to talk to Rob afterwards about using NoCat boxes, equipped with DynDNS (so you can find your NoCat machine even if your ISP changes its address) as ssh proxies. That way, you can use your gateway as your secure jumping-off point, even if you're roaming on someone else's network.
It strikes me that the security stuff in the NoCat project answers a technical challenge more than a real need. As a wireless user, I want to know that I'm not being eavesdropped on. Instead, NoCat security is all about ensuring that no traffic flows over the air without that it originates with an authenticated entity, so that people will act responsibly as they roam onto others' networks. But this is not an observed practice: as far as I know, there has been a total of one open wireless network operators that have had this happen to them (by contrast, war drivers routinely listen in on wireless connection).
It's as though they've invented ORBS before anyone's invented spam — and don't forget that open SMTP relays (which ORBS was created to eliminate) were the way that mail was able to work in the olden times.
But don't get the impression that NoCat is NoGood! There are a couple of really exciting features in NoCat that make me want to start running it. For starters, NoCat can distinguish between a network's owner and the visitors to the network. I can reserve some fraction of my bandwidth for my private use, ensuring that no passer-by eats into my enjoyment of my network.
What's more, NoCat can force new users to the network to load a screen when they open their first Web page, one that could say, "Hey, welcome to Cory's network. Here are some house rules. Here's a link to my homepage. Here's my email address, in case you want to say thanks."
