(keitai-l) Re: Camera phones - USB & WPAN

From: Nick May <nick_at_kyushu.com>
Date: 07/29/02
Message-id: <fc.000f7610000746533b9aca001b00b38f.7465f@kyushunet.com>
the tone of this thread seems to have become a tad emotional, so I enter
it with caution.

Wire-less, in whatever form (i.e. any connection that occurs without
wires) never has the "verifiably secure" quality of a bit of wire
connecting two things together.  It is always eavesdropable as long as
someone is prepared to dedicate sufficient resources to doing so. It isn't
that it CAN'T be "secure" (from all but govt. agencies or the similarly
resourced) - but that the resources required to make it and keep it
"secure" even in this limited sense are just too great for it to be viable
in consumer products. As Curt says, as soon as you start to imagine a key
management infrastructure, it all starts to look iffy. 

*How secure something is is how secure it is AFTER it is implemented in
meatspace for meatheads.* 

It is no good sniffing and saying "those are just implementation issues" -
anyone who has audited any form of secure system knows that sorting out
"implementation issues" is 99% of the problem.

Of course, you may reply that if someone really wants your data, a cable
won't help - they will get it (eavesdrop on the RF emmissions of the cable
perhaps). Possbly true. But wireless security is always vulnerable to
script kiddies - the technically inept who just know what buttons to press
on their 'lite Windows XP box. So as soon as a wireless security measure
is circumvented (a high bar, admittedly) a script appears and World + dog
can see what you are doing.

There is a further issue - real encryption (real, real real encryption) is
starting to become heavily controlled in some countries (the UK for
example). Any encryption that is legal is always going to be eavesdropable
by the the "authorities". A bit of wire connecting two things together
neatly sidesteps that problem for some applications.


I am not under any illusions as to the security of physical links - anyone
who has ever played with those apps that reconstruct jpg files as they fly
over an ethernet network has the point brought home to them very forcibly.

So fine - encrypt away - but send it all down a heavily shielded little
wire. For many, many applications, that will be anough. For many more it
won't of course - but don't force the user to wireless for everything.

BTW - in the great "remote control debate" - yes - a long range multi use
remote control WOULD be fun - but not something I would entrust anything
dangerous too. 

I don' really believe in security. when it is implemented it is always
kludgy to some extent - and that is when it is implemented reasonably well.
Received on Mon Jul 29 06:46:52 2002