Longer or more meetings?

[Eric Rescorla]

Marshall Rose <mrose@dbc.mtview.ca.us> writes:
> the problem in using absolutes as examples is that the real-world rarely
> simplifies to absolutes. yes, it's preferrable that wifi have groovy
> security (if ever the security types would tell us what that was
> exactly), but if asked which is better:
> 
> 	- a world without wifi; or,
> 	- a world with wifi and non-existent privacy

Marshall, my problem is that these aren't really the only two
choices. As I was trying to explain earlier, the big problem
isn't that WEP doesn't deliver acceptably spiffy security
in some abstract sense but that it doesn't even do so on its
own terms. That is to say, that it provides confidentiality
that is badly broken because the designers screwed up the
crypto. 

It wouldn't have taken much longer to get it right, but they
would have had to get outside help from someone who understood
crypto. The source of the problem is that they did not do so.

-Ekr


-- 
[Eric Rescorla                                   ekr@rtfm.com]
                http://www.rtfm.com/