But we have... On Jul 27, 2010, at 5:08 PM, Phillip Hallam-Baker wrote: > The endpoints used in these protocols all have the ability to perform > public key cryptography at acceptable speeds. Even if they did not, > the price of 64Mb of flash memory is negligible these days and that is > sufficient to store more than enough keys to maintain tens of > thousands of session keys in the access point. Agree. > We have the resources and the technology to do the job right. Why do > we keep doing half measures that we know are wrong? Because this is layer-2 stuff that should be in IEEE. > I know this particular issue is an IEEE funeral, but isn't there a > point where others decide to take responsibility? We did. The IETF answer would be to "just use IPSec". It's fine to use the wifi with broken or missing security, as long as you're securing your traffic end-2-end. You might want to look at http://tools.ietf.org/html/draft-laganier-ike-ipv6-cga-02 , which may allow you to do the IPsec with very little pre-configuring. _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf