On 12 May 2005, Microsoft announced a free update to Windows XP Service Pack 2 (SP2) that supports WPA2, a Wi-Fi Alliance wireless security certification program.
This move by Microsoft provides improved WPA2 encryption — namely, AES (Advanced Encryption Standard) — in Windows XP SP2. However, what Microsoft has adopted doesn't incorporate the Wi-Fi Alliance's most recent additions to WPA2. In April 2005, the Wi-Fi Alliance expanded its WPA2 authentication choices (in what Gartner calls WPA2-rev2). The Microsoft release is 802.11i-compliant, but from an interoperability perspective it is compliant with WPA2-rev1 only. Thus, enterprises using Cisco PEAP, EAP-SIM or EAP-TTLS (three different types of Extensible Authentication Protocol) will not have native Microsoft support in this update, but will require a third-party plug-in. Only Microsoft PEAP and EAP-TLS are formally supported.
To date, the absence of a Microsoft WPA2 supplicant has been one of several factors that have stalled adoption of the Wi-Fi Alliance certification program. This announcement by Microsoft will help any customer satisfied with the WPA2-rev1 framework. But customers who wish to move to the latest WPA2 framework will still have to purchase third-party clients from vendors such as Funk Software. Microsoft has not announced any timetable to synchronize its supplicant with the WPA2-rev2 specification. Furthermore, Microsoft has only hinted at a Windows Mobile supplicant, leaving enterprises to deal with a mixed-vendor environment across various categories of mobile devices. Each infrastructure vendor must now resubmit its products for WPA2-rev1 testing to ensure that they operate with this new Microsoft supplicant. Enterprises with WPA2-rev1 infrastructure cannot automatically assume that the Microsoft supplicant will work problem-free without testing.
Recommendations: Enterprises that require only WPA2-rev1 can use the new Microsoft Windows XP supplicant as long as their wireless local-area network (WLAN) infrastructure vendor supports it. Microsoft should move to upgrade to WPA2-rev2 across both the Windows and Windows Mobile platforms by year-end 2005. Until then, vendors and end users alike will be faced with the added complexity of third-party add-on products.
Analytical Sources: Ken Dulaney and John Pescatore, Gartner Research
Resource Id: 480984