ietf
[Top] [All Lists]

Re: meeting ietf-legacy ssid

2017-07-13 01:08:56
On 7/12/17 1:30 PM, Dave Crocker wrote:
On 7/11/2017 5:34 PM, Randy Bush wrote:
   o don't care as their threat model sees runnin' nekkid over the air as
     not a significant additional weakness, or

   o believe that they are using sufficient encryption at higher layers
     to meet their needs, or


Given that it is likely that at least one of the 1200 open-participation
IETF meeting attendees -- all of whom have access to the WiFi password
-- sometimes indulges in bad actor behavior, then it might be worth
clarifying exactly what the incremental benefit is, in having WiFi
encryption, if one is already using TLS liberally.

wpa2 enterprise provides forward security, merely using the same
username and password doesn't provide you with the ability to snoop
other traffic.

(For extra credit, it would be interesting to see where this benefit is
already documented on the net.)

d/



Attachment: signature.asc
Description: OpenPGP digital signature

<Prev in Thread] Current Thread [Next in Thread>