Monday, December 9, 2002, 5:36:08 PM, David scribbled: >> DW> Th question is: "Why bother working on a `fix' to WPA that >> DW> will likely never be deployed and that will be obsoleted >> DW> in a few years by the spread of AES-CCMP?". >> >> You make the assumption that, having gone throught the WEP to WPA >> conversion, businesses will be willing to move to AES. My clients tell >> me they are not, absent a major fault in WPA.
DW> Thanks. That's an interesting point. DW> But, won't the same argument apply with the same force DW> to any patch to WPA? I don't see the denial-of-service DW> issue that the original poster is worried about as a major DW> fault, and any patch to WPA would hence only be a minor tweak DW> to deal with a minor weakness -- which doesn't sound to me DW> like the sort of thing those businesses are going to want DW> to spend a lot on deploying. Would you agree? David, There is a large difference between upgrading from WEP to WPA and upgrading WPA code. In the first case, the operational characteristics of the network will change. This falls under the "non-trivial task" definition. In the second case, you've already done the hard work of conversion, and are simply applying patches. There are several systems on the market that can automate this kind of work. Regards, Michael --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
