[saag] Would love some feedback on Opportunistic Wireless Encryption

Warren Kumari <warren@kumari.net> Wed, 26 August 2015 14:53 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/k7GurWefalCuzVuam0l3VHkLILA>

Hi there all,

I'd appreciate it if folk could have a look at this draft and provide
any feedback.
I'm not sure that SAAG is the right place for it, but I couldn't think
of anywhere better.


Note that this is NOT intended to be the be all and end all of secure
wireless, it is simply intended to make open wifi suck somewhat less.
We are not claiming great security (the WPA2 4-way handshake
significantly limits what can be achieved), and so much of the draft /
idea is making sure that users do not get a false (or any) sense of
security - this should be transparent to them.

We also want it to be *really* simple, so that commodity CPE vendors
will include "support" (basically a flag in the beacon) - this removes
other solutions like .1X, etc.

Appreciate your time,

I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.