ietf
[Top] [All Lists]

Re: Wireless at IETF

2006-01-18 12:57:59
On Wed, Jan 18, 2006 at 02:23:49PM -0500, Steven M. Bellovin wrote:
In message <20060118185700(_dot_)GS96731(_at_)hut(_dot_)isi(_dot_)edu>, Ted 
Faber writes:


On Wed, Jan 18, 2006 at 10:30:31AM -0800, Hallam-Baker, Phillip wrote:
The result is that 70% of wireless access points are open and can be
used by Internet criminals to achieve anonymous access.

Loaded statement?  Check.
Precise statement? Check.
Supported statement? Hmmmm.....


I'm not sure which part your claiming is unsupported; my own informal 
measurements agree with the 70% number.  I'm not at all convinced that 
"Internet criminals" use such access points as a major means of access, 
though.

Well, none of it's supported.  Your statement above about informal
measurements is support for your statement of 70% and indirectly of his.

"70% are open," meaning 70% of wireless (access points|networks) have no
admission control at the link layer seems plausible, but there are lots
of things that seem plausible to me that I'm wrong about later.  Having
a number and not even saying "Bellovin's measurements indicate" always
tweaks my interest.

Going from an open access point to anonymous criminal access seems much
more implausible to me.  There are all sorts of hurdles one could put up
between "no link level protection" and "anonymous criminal access."  But
again, I'm wrong all the time and a citation for that much more damning
statement would be very welcome.  Without one I feel like I'm watching
local news.

The combination of a very provacative statelment "anonymous criminals
access" and precise number makes me uneasy.  After all <joke>90% of all
statictics are made up</joke>.

"An awful lot of access points can be used to anonymously get on the
Internet for criminal purposes" doesn't concern me as much.  But if you
found a number somewhere, let me know where, too.  A real study is
valuable information; an uncited, incorrect (and I don't know it's
incorrect) number is hard to kill.

However, Phillip's larger point -- that our security mechanisms and 
products have lousy user interfaces -- is absolutely correct.  It's a 
major issue.

I absolutely agree.

-- 
Ted Faber
http://www.isi.edu/~faber           PGP: http://www.isi.edu/~faber/pubkeys.asc
Unexpected attachment on this mail? See http://www.isi.edu/~faber/FAQ.html#SIG

Attachment: pgpccgB4BeOUz.pgp
Description: PGP signature

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
<Prev in Thread] Current Thread [Next in Thread>