On Sun, 22 Sep 2002, William Allen Simpson wrote:
but it adds annoyance for the intended users. in the case of non- techs, considerable annoyance. and it gives negligible privacy.
Randy has the best of intentions. But I'm tired of the old saw that security adds annoyance. I long ago gave up on a WG at the IETF when the members wanted to add security, but with *NO* configuration.
Well, if that's a possibility, then it sounds like the way to go.
Sorry, any security requires a *SECRET*.
No way. If you have to depend on some information to remain secret in order to reach your security goals, you can start counting down until your security is breached because it will happen each and every time. Confidentiality in itself is only one goal.
I will agree that the security in WEP is almost useless, and have personally campaigned to change it for years. But, it is still the only Access Control widely available. So, it should be used, in addition to the better methods.
In this particular instance, the gain is incredibly small (you only keep out non-participants for 15 minutes or so) and the annoyance is rather large. Also, if you use WEP people may be under the misguided impression their data isn't completely open to public scruteny. If you really want the wireless network at a convention to be safe, simply filter all clear-text protocols. That is much more inconvenient than having to find the right WEP key, but at least it really helps.