On Sun, 22 Sep 2002, William Allen Simpson wrote:
I will agree that the security in WEP is almost useless, and have personally campaigned to change it for years. But, it is still the only Access Control widely available. So, it should be used, in addition to the better methods.
Access control should be used when you need access control. Sometimes engineers need to step back from solving the problem, and look at whether the problem needs to be solved. What access control do you need for a public drinking fountain? What access control do you need for a public wireless access point? WEP won't keep people from hacking other laptops at Nanog meetings, and won't stop people from sniffing plain-text passwords. Everyone at the meeting will have the key, and a secret shared with 500 people won't stay secret for even two days. For a network with no other access control, what purpose does WEP serve?