Patrick Cahalan wrote: > Dissecting problems with theories is great, especially > in the security related fields. I agree, more robust > argument is generally needed. Ridicule, however, > should be reserved for the ridiculous.
WPA shows that WEP did not receive enough ridicule. I could provide a great many other examples of dangerously inadequate ridicule, and a serious shortage of contempt and derision, but they are off topic for this list, even though some of them have killed a lot of people. >> With a bit more nastiness in the air, we might not >> have seen the Wifi debacle where the committee issued >> a broken spec, then fixed it with an equally broken >> spec, then abandoned compatibility to issue a spec >> which is *still* broken in that offline dictionary >> attack is possible and usually succeeds. Patrick Cahalan wrote: > If we want to solve this problem, we need to make sure > committee composition reflects the desired outcome, > instead of sweeping externalities under the rug. A > bit more nastiness probably wouldn't have done > anything to prevent the problems your alluding to > here; when a committee is made up of a majority of > agendas who don't care about security, you're going to > get insecure specifications. Security was the committees job, and in the name of the standard they issued. They did care. They just did not know, and could not tell the difference between those who did know, and those who were full of crap. Further, there are an increasing number of similar disasters, many of them lethal, in various areas that are off topic for this list. _______________________________________________ FDE mailing list FDE@www.xml-dev.com http://www.xml-dev.com/mailman/listinfo/fde