> > --31 October 2002 WPA is New Wireless Standard > The Wireless Fidelity Alliance has released a new standard called Wi-Fi > Protected Access (WPA).
WPA is actually a subset of the IEEE 802.11i standard. > [Editor's Note (Shpantzer) Who will go to the trouble of implementing > this temporary 'solution' only to replace it when 802.11i comes out? Customers who have existing access points whose security they'd like to improve. In most cases, full 802.11i support requires purchasing new APs. > Ted Ipsen, from the Information Risk Management practice at KPMG LLP, > says users should skip the WPA purchase altogether. Since WPA is in general a free firmware upgrade, avoiding a "purchase" is not hard. :) > Cisco put TKIP > and its own proprietary implementation of EAP (Cisco LEAP) into their > hardware about a year ago, and it's still only a stopgap measure. In most cases, it is not possible to implement a single-vendor solution that requires homogeneous NICs and APs, since many laptops (and PDAs!) come with 802.11 support built-in. The result is that the mix of NICs is whatever the OEM provides, and is not under control of the IT organization. The makes proprietary security solutions very difficult to deploy in practice. > (Ranum): How long will TKIP last? This is basically a layer of > re-keying atop a broken cryptosystem. You can't build a castle on > foundations of used chewing gum!] For some customer segments (financial, medical, government) FIPS certification will probably be important, and for those customers an upgrade to 802.11i will be compelling. However, for other less demanding customers, 802.11i by itself will probably not be sufficient to induce a "forklift upgrade", although some combination of increased speed, improved manageability, *and* improved security might be. As a result, I suspect that WPA will rapidly penetrate the home and SOHO markets where price points are very low and the additional cost of 802.11i implementations might not be easily recoverable. -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
