[amenghra]

The difference between an access point and HTTPS on a web server is that the access point doesn't have an identity to tie the key exchange. You can sprinkle DH here and there to incrementally improve things but it's not going to be bullet proof against active man-in-the-middle attacks.

With things like Lets Encrypt, having each access point own a short lived certificate becomes possible and you can then bootstrap a secure key exchange.

PS: I have no idea which direction WPA3 is going. They might be doing something without certs but a TOFU trust model instead. Either ways, it is possible to design something better than WPA/WPA2 but don't think it's trivial because the constraints aren't the same as existing secure protocols.

[sasebot]

>>>The difference between an access point and HTTPS on a web server is that the access point doesn't have an identity to tie the key exchange. You can sprinkle DH here and there to incrementally improve things but it's not going to be bullet proof against active man-in-the-middle attacks.

??? Isnt the MAC address an identity for the AP ?

I always had a doubt about HTTPS . Say Im connecting through a proxy server to a website. The exchange of keys for HTTPS connection happens through this proxy server, means it can capture those and decrypt the connection whenever it wants , right ? Thanks for your reply.

[icebraining]

??? Isnt the MAC address an identity for the AP ?

No, just an address. To be an identity, there must be some way for the AP to demonstrate that it is the right owner of that MAC, otherwise any router can simply copy the MAC.

HTTPS sites do this by getting a CA to vouch for them (in the form of a digitally signed certificate). Tor sites do this by having their address being a representation of their public key, and proving they have the corresponding private key.

I always had a doubt about HTTPS . Say Im connecting through a proxy server to a website. The exchange of keys for HTTPS connection happens through this proxy server, means it can capture those and decrypt the connection whenever it wants , right ? Thanks for your reply.

No, thanks to Diffie-Hellman[1], you can exchange keys with a remote server over a non-secure channel in a way that anyone listening can't figure out the key.

Of course, this happens after the server has proven it is who it says it is, by using one of the methods above. Otherwise, the proxy could pretend to be the server, and exchange keys itself with you.

[1] https://security.stackexchange.com/questions/45963/diffie-he...

[slackingoff2017]

You can have bulletproof protection against MITM as long as you have a shared secret so it's possible with wifi. The other answers in this chain about PAKE have details.