On 7/7/2015 5:39 PM, Joe Greco wrote:
Unclear at best. The way it is implemented, the user has the potential to go either way. A network might not want the user to have the choice, clearly, but there is certainly a subset of users who will opt out of the feature and I cannot see how those would be in violation of any sane network usage policy. It's certainly a mess in any case.
Now that windows mobile and desktop versions are converging, I doubt there is a way to really tell if a device is a PC or a phone or a tablet. Some network administrators banned mobile phones from wifi connections because of Google's password storage violating their security policy.
Now administrators don't even get that knob.
We could fix it in a couple of ways (or, they could fix it.. depending on who pushes around money and if anyone cares enough to bother):
1. Wifi sends password policy during handshaking. If you save passwords you aren't allowed to connect here (or, you aren't allowed to backup/share this password) but we will allow the user to connect. This can be transparent to the user and handled by the OS.* 2. The client device sends "I am configured to backup/share passwords" to the wifi. This allows the AP to either deny the user outright, or redirect them to a page explaining what is wrong or whatever. This might be accomplished via DHCP option if we want to keep it all in software.
* The fact that we need an IEEE level fix for a security problem created by Google and then propagated by Microsoft is just pathetic. These are two companies that should know better than to do this.
Yes, I agree. It makes me wonder how much of this is new-feature-ism promoted by a management that is looking at the(ir) big picture, then having people without sufficient technical depth "do that new feature." Or are they really drinking their own koolaid and thinking that everything is in "the cloud" today and so there aren't local security concerns? I best go before I delve into the truly cynical. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.