by uuddlrlrbas 2630 days ago
The reason we have had so many problems is because these "standards" are not vetted by third parties and therefore not allowed to test the security of these standards. The Alliance is a closed members-only committee, so yeah I don't doubt we will keep seeing these issues crop up.
3 comments

Why is everyone using some proprietary standards body for something as important to humanity as a whole like wifi? That seems absurd.

Why hasn't someone like Apple or Google created an open standard and pushed adoption?

That's also my understanding. My understanding is that these specifications were not developed in the open, and thus there was no opportunity for external scrutiny before they were ratified. It's exactly the same reason previous similar specifications were so badly broken. Nothing has been learned.
I'm not going to get into the ideological debate of if the standards process is open enough or not but let me pose this: Is it not more likely the fact WPA2 was ratified in 2004 that it continues to be of questionable security to utilize in 2019?
No, because:

1. WPA3, which has only recently been created, is riddled with issues.

2. Many things much older than WPA2 are still used today without major issues e.g. AES and RSA.

The idea that standards processes ought to be open is not an ideological debate anymore. At this point it is a simple truth backed by overwhelming empirical evidence.

The process not being open != The process should have happened sooner

In regards to 2 I disagree, see TLS 1.0 as an example. Also AES isn't a protocol, apples to oranges.

I mean AES was established in 2001, and that's obviously still considered secure.
Primitives vs Protocols.

Encryption primitives rarely fail. The protocols built on top of them seem to consistently fail.

The principle, the theory is always good. The protocols are implementations, and often implementations are badly done. See with all versions of SSL/TLS prior to TLS 1.3.
There is no inherent reason that this is true, other than the fact that in order for primitives to be widely used they go through an open vetting process.