What mistake did the 802.11i Working Group make when creating IVs?

The fundamental issue here is how IVs (initialization vectors) affect the security of wireless encryption. An IV is meant to ensure that the same key stream isn’t reused across packets, so each frame gets a fresh keystream. If IVs are visible to anyone on the network and are not large enough to prevent repeats over practical traffic, attackers can observe the IVs and look for keystream reuse, which can lead to recovering plaintext or spotting patterns. In 802.11i, the IVs are included in the clear so the receiver can derive the per-packet key, but that visibility in combination with an IV space that isn’t large enough creates exploitable scenarios, especially as traffic grows. The move from the older WEP design (which used a 24-bit IV) to a 48-bit IV in TKIP was intended to reduce collisions, but the fact that IVs are still transmitted openly and the space is not inherently infinite means repeats can still occur under heavy use, enabling certain attacks. Therefore, both transmitting IVs in the clear and having an IV length that remains vulnerable under realistic traffic conditions are considered mistakes, making the combined choice the best explanation.