What I am trying to get at here is the problem of usability. Security is no use
to me to stop Internet crime if everyone either turns it off or is unable to
use it. The layered model is a big problem here because the lower layers
abstract away the user. There is no user interface, there are no user-oriented
use cases, and as a result the protocols fail to deliver the necessary
information to the upper layers to allow the user to make sure that they are

"3. Do Not Verify Server Cert and we won't verify yours :)"

OK, it is a good idea to turn on confidentiality and integrity. But this is not
something that is really going to help solve the evil twin WiFi attack out in
the general population. It's a pretty insidious attack as the effects are
localized and we can't measure the frequency.

If we are going to do experiments then we should be providing feedback to the
relevant parties. Pointing out to the IEEE that WiFi security fails basic
principles of security usability - the user does not have sufficient
information to distinguish the intended connection from the twin - would be a

Of course, going round pointing out this sort of thing to others would make it
incumbent on us to fix the same problems in our protocols.

From: Patrik Fältström [mailto:patrik(_at_)frobbit(_dot_)se]
Sent: Mon 24/03/2008 10:30 PM
To: Hallam-Baker, Phillip
Cc: Russ Housley; IETF Discussion
Subject: Re: Write an RFC Was: experiments in the ietf week

On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:

I am willing to have a go at it next time round but only if I have
some idea what I am expected to have on my machine and what
authentication indicata I am to expect.

As it stands there is no way for me to evaluate an authentic or
inauthentic experience. I don't know what authentic looks like. I
have no trust anchor.

This email message sent to me was enough of a trust anchor to use
802.1x. Specifically as "the instructions" are the same as IETF-70 and

Sure, the mail was not signed, but I also asked a friend at the
meeting "what he used". And as we both had the same instructions, we
trusted that. If we wanted to, we could have asked someone actually
running the network, but we did not feel we had to.
IETF mailing list