top | item 19634374

(no title)

The reason we have had so many problems is because these "standards" are not vetted by third-parties and therefore not allowed to test the security of these standards. The Alliance is a closed members-only committee, so yeah I don't doubt we will keep seeing these issues crop up.

discuss

Sargos|6 years ago

Why is everyone using some proprietary standards body for something as important to humanity as a whole like wifi? That seems absurd.

Why hasn't someone like Apple or Google created an open standard and push adoption?

dwheeler|6 years ago

That's also my understanding. My understanding is that these specifications were not developed in the open, and thus there was no opportunity for external scrutiny before they were ratified. It's exactly the same reason previous similar specifications were so badly broken. Nothing has been learned.

zamadatix|6 years ago

I'm not going to get into the ideological debate of if the standards process is open enough or not but let me pose this: Is it not more likely the fact WPA2 was ratified in 2004 that it continues to be of questionable security to utilize in 2019?

benchaney|6 years ago

No, because:

1. WPA3, which has only recently been created, is riddled with issues.

2. Many things much older than WPA2 are still used today without major issues e.g. AES and RSA.

The idea that standards processes aught to be open is not a ideological debate anymore. At this point it is a simple truth backed by overwhelming empirical evidence.

penagwin|6 years ago

I mean AES was established in 2001, and that's obviously still considered secure.