Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wifi Security

  • From: Steven M. Bellovin
  • Date: Mon Nov 21 17:15:19 2005

In message <Pine.LNX.4.44.0511212148070.25860-100000@server2.tcw.telecomplete.n
et>, "Stephen J. Wilcox" writes:
>
>we relay security information and hope
>the user clicks 'yes' when they are told the host key has changed
>
>you dont have to break the code if the endpoints trust sessions with you and 
>share their encryption keys
>

Put another way, security is as much a matter of proper usage as proper 
algorithms and proper code.  See http://www.fas.org/irp/eprint/heath.pdf
for a story of how the NSA and the US Navy got that wrong.  For that 
matter, read Leo Marks' wonderful memoir "Between Silk and Cyanide".  
He's telling a story, not trying to teach, but the message is there 
nonetheless.

As technologists, of course, it's incumbent on us to design security 
systems that help the user understand consequences of actions, and to 
help avoid dangerous situations.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb






Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.