
RSA proves security isn't usable by example

Written by George Ou, Contributor

The old axiom of more security and less usability couldn't have been more apparent at RSA Conference 2007. It took members of the press and attendees over an hour to get Wireless LAN access because username/password-style wireless LAN security is employed. Last year it was even worse, when each member of the press had to have their own unique username and password. It was a bit simpler this year because they handed out generic usernames and passwords, but the lines around the Wireless LAN helpdesk remained a mile long much of the day.

The universally accepted way of providing guest hotspot access is to not have any kind of link-layer security at all and just run everything wide open. This doesn't provide any security on the link between the client and the access point, and users are expected to use secure protocols. Since secure protocols are the exception and not the rule, hotspots are the most insecure and dangerous form of connectivity, and the RSA conference is trying to lead by example. The problem is that true wireless LAN security in an ad hoc environment isn't usable because there is no seamless inter-organization identity infrastructure in place.

Email communications work because you can hand anyone a business card with your email address on it and expect to be able to email each other without IT intervention, even if the two domains have never communicated with one another. Until ID and authentication can be just as seamless as exchanging email, widespread security will be nothing more than a small niche market and a pipe dream for the masses. The reason email is so seamless is that it's published in DNS; perhaps it's time we considered a similar mechanism for authentication. If RADIUS authentication servers were published in a DNS record for a particular domain, this would allow seamless secure Wireless LAN authentication anywhere without the need for new and cumbersome user accounts on every new network you touch.
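
The lookup proposed above, sketched as an added example that is not part of the original article: the visited network takes the realm from a `user@realm` identity, finds that realm's published RADIUS servers the way a mail server finds MX hosts, and orders them by priority and weight. The `_radius._udp` record name, the hostnames and the zone data are assumptions constructed for illustration, and the lookup runs against an in-memory table rather than live DNS.

```python
import random
import re

# Constructed zone data: SRV records a home domain might publish for its RADIUS
# servers. The "_radius._udp" name and the hostnames are assumptions.
SAMPLE_ZONE = {
    "_radius._udp.example.org": [
        # (priority, weight, port, target)
        (10, 60, 1812, "radius1.example.org"),
        (10, 40, 1812, "radius2.example.org"),
        (20, 0, 1812, "backup.example.net"),
    ],
}

_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_REALM_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})+")


def realm_of(identity):
    """Return the lower-cased realm of a user@realm identity, or raise ValueError."""
    user, sep, realm = identity.rpartition("@")
    realm = realm.lower().rstrip(".")
    # Reject anything that is not a plain hostname before it reaches a DNS query.
    if not sep or not user or not _REALM_RE.fullmatch(realm):
        raise ValueError(f"no usable realm in {identity!r}")
    return realm


def order_srv(records, rng=random):
    """Lowest priority value first; weighted-random order within one priority."""
    ordered = []
    for prio in sorted({r[0] for r in records}):
        group = [r for r in records if r[0] == prio]
        while group:
            pick, running = rng.uniform(0, sum(r[1] for r in group)), 0
            for chosen in group:
                running += chosen[1]
                if pick <= running:
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered


def discover(identity, zone=SAMPLE_ZONE, rng=random):
    """Map an identity to the (host, port) list the visited network should try."""
    records = zone.get(f"_radius._udp.{realm_of(identity)}", [])
    return [(target, port) for _, _, port, target in order_srv(records, rng)]
```

A DNS answer only says where to connect; unless the zone is signed and the server proves its identity for the realm (for example with a certificate), anyone able to spoof the answer can redirect the authentication traffic.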
