What I am trying to get at here is the problem of usability. Security is no use to me to stop Internet crime if everyone either turns it off or is unable to use it. The layered model is a big problem here because the lower layers abstract away the user. There is no user interface, there are no user oriented use cases and as a result the protocols fail to deliver the necessary information to the upper layers to allow the user to make sure that they are safe.
"3. Do Not Verify Server Cert and we won't verify yours :)"
OK, it is a good idea to turn on confidentiality and integrity. But this is not something that is really going to help solve the evil twin WiFi attack out in the general population. Its a pretty insidious attack as the effects are localized and we can't measure the frequency.
If we are going to do experiments then we should be providing feedback to the relevant parties. Pointing out to the IEEE that WiFi security fails basic principles of security usability - the user does not have sufficient information to distinguish the intended connection from the twin - would be a useful purpose.
Of course, going round pointing out this sort of thing to others would make it incumbent on us to fix the same problems in our protocols.
-----Original Message-----
From: Patrik Fältström [mailto:patrik@xxxxxxxxxx]
Sent: Mon 24/03/2008 10:30 PM
To: Hallam-Baker, Phillip
Cc: Russ Housley; IETF Discussion
Subject: Re: Write an RFC Was: experiments in the ietf week
On 25 mar 2008, at 02.18, Hallam-Baker, Phillip wrote:
> I am willing to have a go at it next time round but only if I have
> some idea what I am expected to have on my machine and what
> authentication indicata I am to expect.
>
> As it stands there is no way for me to evaluate an authentic or
> inauthentic experience. I don't know what authentic looks like. I
> have no trust anchor.
This email message sent to me was enough of a trust anchor to use
802.1x. Specifically as "the instructions" are the same as IETF-70 and
previous meetings.
http://www.ietf.org/mail-archive/web/71attendees/current/msg00154.html
Sure, the mail was not signed, but I also asked a friend at the
meeting "what he used". And as we both had the same instructions, we
trusted that. If we wanted to, we could have asked someone actually
running the network, but we did not feel we had to.
Patrik
_______________________________________________ IETF mailing list IETF@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf