hi ian
WPA is a standard of the wifi consortium, trying to improve 802.11 security without hardware modifications.

so, first of all, WEP is replaced by something slightly different but based on the same cryptographic bricks (so, answering one of your questions: no, no AES so far). then, they added a signed message integrity code (MIC) and 802.1X authentication (instead of the WEP-based authentication called SKA) and perhaps some other things i don't remember right now (you need to go to the consortium site and download the whitepaper, if interested).

all that WPA stuff is a considerable improvement compared to the raw 802.11 methods and can be achieved on most hardware on the market (and already sold out) by simple firmware updates. that's the deal. the "real" upgrade (including AES) is expected for late summer 2003 and is called 802.11i.

now, answering the remaining questions: 802.1X doesn't prescribe any special EAP procedure, so why should WPA - which simply integrates 802.1X - do so in your opinion? to give you one argument for this choice: just think that even EAP/MD5 is actually better than unhappy SKA... and if you want dynamic keys you will naturally need something different. in fact, the whole idea of 802.1X is based upon the assumption that it remains extensible by using EAP and does not imply the usage of any real auth method whatsoever.

the real and simple reason however is that the 802.1X authentication does not need to be implemented in the WiFi hardware - i.e. neither in the wi-fi cards nor in the wifi access points, so it is completely out of scope of the WPA specification.

hope this helps.

greetings
artur

Ian Pritchard wrote:
>
> Hi,
>
> I saw the following announcement that Windows XP has a patch that will allow
> it to support WPA:
>
> http://support.microsoft.com/?kbid=815485
>
> As far as I understand it, WPA includes 802.1x. The document states:
>
> "For environments with a RADIUS infrastructure, Extensible Authentication
> Protocol (EAP) and RADIUS is supported."
>
> It also says:
>
> "802.1x authentication is required in WPA"
>
> However, I can't find anything there or in the WPA documentation which
> specifies which EAP flavours are required. Will EAP-TLS be mandatory, or
> TTLS, MD5 or one of the other flavours? What about AES?
>
> Thanks,
>
> Ian
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Artur Hecker
artur[at]hecker.info
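The reply's point that the EAP method is chosen inside EAP itself, between client and authentication server, can be seen on the wire. The following is an added example, not part of the original thread: a small EAP parser run over a constructed exchange in which the server offers MD5-Challenge and the client answers with a Nak asking for TLS. The packets and the helper names are constructed for illustration; the "derives keys" flag is an assumption that summarizes which methods export keying material for dynamic keys.

```python
import struct

CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
NAK = 3  # EAP type 3: peer refuses the offered method and lists the ones it wants
# IANA EAP method types -> (name, derives keying material for dynamic keys)
METHODS = {4: ("MD5-Challenge", False), 13: ("EAP-TLS", True),
           21: ("EAP-TTLS", True), 25: ("PEAP", True)}

def parse_eap(pkt: bytes) -> dict:
    """Parse one EAP packet: Code(1) Identifier(1) Length(2) [Type(1) Data]."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if code not in CODES:
        raise ValueError("unknown EAP code %d" % code)
    if length < 4 or length > len(pkt):
        raise ValueError("EAP length field does not match packet")
    out = {"code": CODES[code], "id": ident, "type": None, "data": b""}
    if code in (1, 2):                      # only Request/Response carry a Type
        if length < 5:
            raise ValueError("Request/Response without Type")
        out["type"], out["data"] = pkt[4], pkt[5:length]
    return out

def negotiated_method(packets) -> dict:
    """Follow the exchange and report which method was refused and which was used."""
    offered, rejected, used = None, [], None
    for p in map(parse_eap, packets):
        if p["code"] == "Request" and p["type"] in METHODS:
            offered = p["type"]
        elif p["code"] == "Response" and offered is not None:
            if p["type"] == NAK:            # peer declines the server's offer
                rejected.append(METHODS[offered][0])
                offered = None
            elif p["type"] == offered:      # peer answers with the same method
                used = METHODS[offered]
    return {"rejected": rejected, "method": used[0] if used else None,
            "dynamic_keys": bool(used and used[1])}

def build(code, ident, typ, data=b""):
    """Helper for the constructed sample packets below."""
    return struct.pack("!BBHB", code, ident, 5 + len(data), typ) + data

SAMPLE = [                                   # constructed exchange, not a capture
    build(1, 1, 1),                          # Request/Identity
    build(2, 1, 1, b"ian"),                  # Response/Identity
    build(1, 2, 4, b"\x10" + bytes(16)),     # Request/MD5-Challenge
    build(2, 2, NAK, b"\x0d"),               # Response/Nak, desired type 13 (TLS)
    build(1, 3, 13, b"\x20"),                # Request/EAP-TLS with Start flag
    build(2, 3, 13, b"\x00"),                # Response/EAP-TLS (payload elided)
]
if __name__ == "__main__":
    print(negotiated_method(SAMPLE))
```

The access point only relays these packets between the client and the RADIUS server, so nothing in this negotiation has to be known to the Wi-Fi hardware.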
