https://cowlicks.website/posts/a-sketch-of-trusted-wifi-open-authenticated-…
Here is an example of how a network might work for a
peoplesopen.net
node:
* you see a network called "wifi.omincommons.peoplesopen.org"
* you know you are at omnicommons, you know peoplesopen sets up wifi.
* you connect to the network
* it sends you a certificate it got from Letsencrypt for
"wifi.omnicommons.peoplesopen.org"
* you verify the certificate
* you verify the cert is issued for the same name as the SSID
* you use the cert to establish a secure connection to the AP
Now you have an authenticated, secure connection to the AP.