I agre security is sadly lacking, but it is probably impossible to implement in a conference environment.
Look this is a very simple issue. Sean's first post really pointed out that it's "bad form" for a set of operators to run an insecure network. I would believe that it's "good form" to at least try. It was stated that the network was not run by the "operators". OK, I accept that, but it's run by people with great (actually fantastic) connections to real operators (ie: us). WEP may not be a good protocol, but it's better than nothing. If people thing it's hard to configure, then run two networks.. one without WEP and one with WEP. Security is a relative thing... Normally security at the door to the nanog conference hall is "low", but that does not seem to bother many people. (Hence security at a "wired" locations within the conference is "low" making the WEP issue mute). I would be happy to run on a wireless network with a specific SSID and no SSID beacon with a static WEP key. (I don't have LEAP, or other protocols on my laptop). Does this make my communications more secure? I don't know... Everything from my nanog laptop is VPN'ed anyway... hence already end-to-end encrypted. I believe that Sean brought up a good point and something worth working on. Even an incremental improvement at this upcoming meeting followed by another incremental improvement at the next meeting, etc. etc. will be a good thing. BTW: WEP may not be a great protocol and people may believe there is a false sense of security. If this worries you, then I would recommend a note placed on the nanog web pages that states something like "all IP networking provided at the conference should be considered insecure, etc.". Martin PS: As for bandwidth "stealing". Heck... looking at the stats for previous nanog's, we are doing a poor job of using the provided bandwidth. I say... bring it on! (legal traffic only --- of-course!).