In message <Pine.GSO.4.40.0209221641250.23761-100000@clifden.donelan.com>, Sean Donelan writes:

On Sun, 22 Sep 2002, Randy Bush wrote:

...

- the users need to be told how to operate more safely, use end-to-end authentication and privacy, etc. it's a matter of education. and the education will stand them in good stead when they use 802.11 at starbucks, airports, etc. we do this at ietf, but it is not allowed at nanog.

Sunday afternoon is full of tutorials on lots of different subjects. Has anyone volunteed to conduct a Sunday tutorial on wireless security for users of "public" wireless networks?

Although I think it is a mistake to think a wireless network security is different than using any other network you don't control. Most wireless security tutorials tend to concentrate on "securing" the wireless network instead of how to communicate over an untrusted network.

Precisely -- and it's precisely why I'm not a big fan of "wireless security" as a discipline: my threat model for the wired network has never been any different than for wireless... --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com ("Firewalls" book)