Article:   A Technical Comparison of TTLS and PEAP
Subject:   PEAP Clarifications
Date:   2002-11-26 09:27:34
From:   anonymous2
There are several points on PEAP in this article that are either incorrect, could use some clarification, or have been changed since its writing.


1. I think it's worth mentioning that PEAP Internet Draft is being driven by Cisco, Microsoft, & RSA.


2. Microsoft does not have the only PEAP client implementation. Cisco has PEAP built into its client as well, and other open source Linux groups are working on integrating PEAP support on both the client & server.


3. Since the writing of the article, Microsoft has released 802.1X w/ PEAP support in most of its desktop OS's: WinNT4.0, 95/98/ME, Win2K, & XP.


4. Both Microsoft & Cisco have PEAP authentication servers. OSC Radiator for Linux will authenticate PEAP clients. I am confident that other PEAP-capable RADIUS servers exist.


Taking these points into consideration, I wonder if the article's conclusion was a bit too skewed to imply that PEAP would not have enough industry support or distribution.


In reality, it will be corporations that deploy a RADIUS based security solution for securing 802.11 WLAN's, and not your typical SOHO. I would be willing to bet that these corporations have significant investments into Microsoft & Cisco assets. The logical conclusion is not that difficult to guess:


A) Corporations typically use MS OS and it is probable that a Cisco infrastructure exists as well.


B) PEAP Internet draft is being led by Microsoft, Cisco, & RSA.


C) Corporations will be positioned to use PEAP over TTLS.



  • PEAP Clarifications
    2002-12-10 16:18:11  Matthew Gast

    > 2. Microsoft does not have the only PEAP client
    > implementation. Cisco has PEAP built into its
    > client as well, and other open source Linux
    > groups are working on integrating PEAP support
    > on both the client & server.

    At the time the article was written, PEAP clients were not widely available. The Cisco PEAP client was not shipping during N+I Atlanta 2002, though it was planned for release shortly afterward. The only PEAP client we could obtain at the time was the Microsoft client for Windows XP.

    > ... Microsoft has released 802.1X w/ PEAP
    > support in most of its desktop OS's: WinNT4.0,
    > 95/98/ME, Win2K, & XP.

    PEAP was added to XP in a service pack on September 7. PEAP was added to Windows 2000 with a download on December 3 (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp).

    However, I can't find the code for the earlier Windows operating systems. Microsoft announced support for PEAP in desktop OSes on February 13, 2002 (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/secwireless.asp), but that announcement was written saying that Microsoft would support PEAP in the future.

    A series of searches for "PEAP" on Microsoft's Web site failed to turn up the desktop PEAP implementations for Windows 95/98/ME and Windows NT 4.0. The only result from running a search on "PEAP" in the Windows area is a page about the new features in .NET Server 2003.
    A general search throughout Microsoft yields a large number of technical documents, such as the definition of PEAP in TechNet (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsnetserver/proddocs/datacenter/sag_ias_protocols_peap.asp). The definition is still listed as "preliminary and subject to change."

    > Taking these points into consideration, I
    > wonder if the article's conclusion was a bit
    > too skewed to imply that PEAP would not have
    > enough industry support or distribution.

    I never meant to imply that PEAP would not have wide support. There is a great deal that Microsoft and Cisco can do to create support. All I meant to illustrate is that QA-tested and released TTLS-based products were generally available at the time I wrote the article, while PEAP was still coming together as a solution. If a buyer were looking for a solution that could be purchased and deployed immediately, TTLS is the only choice. (Unless anybody can point out the client support for Win95/98/ME, it may still be the only choice today.)

    Buyers who are willing to wait for a PEAP-based solution are welcome to do so.

    > A) Corporations typically use MS OS and it is
    > probable that a Cisco infrastructure exists as
    > well.

    This point is irrelevant to a choice between PEAP and TTLS. There is an extensive installed base of Microsoft operating systems in corporations supported by TTLS today. (Unless I missed the Win95/98/ME and NT4 downloads a minute ago, it may still be the only choice today!)

    > C) Corporations will be positioned to use PEAP
    > over TTLS.

    Unless they need a solution right now, in which case they can adopt TTLS today. There is no technical advantage to waiting for PEAP, since the protocol is similar. Running code counts for a lot in my book.