Now that's a professional answer.
Thank you for the respect shown to another field professional, really appreciated.
I know my personal opinion alone is worth nothing, but by sharing it in public, I hope some other professionals might support it, if valid.
I'll refer to the workings of WEP compared to WPA
I do fully agree on that. But look at the difference between WPA3 and the WEP/WPA/WPA2 protocols.
Those protocols always integrated, now and before, an official way to decode traffic externally (for whatever reasons, fallback emergencies, convenience, law enforcement investigations, and so on).
Provided of course the authorization to do so, and the most important ingredient, a strong password.
So as you say, and I fully agree
WPA2 is still very secure
It has indeed undergone a few security improvements in recent years, as well as WPS, becoming now a very stable protocol in the newest hardware (and I repeat: newest hardware).
Now, look at WPA3: it does NOT integrate any (known) way to decode external traffic; that possibility has been wiped out from the protocol foundations, and that is official.
Even provided authorization, passwords, the owner looking in front of your computer, whatever, you can't decode the traffic.
My point is, there will be tools, but it might take a little while
That is true, maybe, but what "tools" are we talking about?
WPA3 officially removed the possibility to decode traffic, so the only "tools" which might come along in time will be temporary workarounds exploiting bugs, from QA testers or, worse, hackers.
As we all know very well, no respectable Customer, SME or Corporate, will ever authorize the use of "hacking" tools in its environment, be it testing, stage, production or anything else.
(...you can see it even now, try to ask even your closest colleagues to provide an innocent VM with a cracked version of Window$... every cracked version works just as well as the original ones, yes no doubt... but just thinking of it you risk losing your job...)
Unfortunately, that excessive "security" is going even further, obfuscating the 802.11 Open protocol as well.
You can also put a tap right after the AP, where you get the Ethernet packets, which are decrypted.
That you can do now indeed, and it's in fact the preferred way to deal with issues in testing environments, but not in production.
Anyway, not all customers are rich Corporations willing to spend thousands of $ in such gadgets...
But as we see, with that new OWE, it will get a lot more difficult even to debug an open wireless issue, bringing only frustration and loss of money, to everybody.
To conclude, my point is, security is important, but excessive "security" is destructive, and that was my evidence.
The WPA3 protocol needs a fallback mechanism, OFFICIAL, in order to provide professionals (and law enforcement) a way to decode traffic in emergency situations (authorized by owners or Courts).
Thank you