Microsoft has finally delivered Wi-Fi Protected Access 2 (WPA2) support, but the offering is not fully compliant with the latest Wi-Fi Alliance specification.
On 12 May 2005, Microsoft announced a free update to Windows XP Service Pack 2 (SP2) that supports WPA2, a Wi-Fi Alliance wireless security certification program.
This move by Microsoft provides improved WPA2 encryption — namely, AES (Advanced Encryption Standard) — in Windows XP SP2. However, what Microsoft has adopted doesn't incorporate the Wi-Fi Alliance's most recent additions to WPA2. In April 2005, the Wi-Fi Alliance expanded its WPA2 authentication choices (in what Gartner calls WPA2-rev2). The Microsoft release is 802.11i-compliant, but from an interoperability perspective it is compliant with WPA2-rev1 only. Thus, enterprises using Cisco PEAP, EAP-SIM or EAP-TTLS (three different types of Extensible Authentication Protocol) will not have native Microsoft support in this update, but will require a third-party plug-in. Only Microsoft PEAP and EAP-TLS are formally supported.
To date, the absence of a Microsoft WPA2 supplicant has been one of several factors that have stalled adoption of the Wi-Fi Alliance certification program. This announcement by Microsoft will help any customer satisfied with the WPA2-rev1 framework. But customers who wish to move to the latest WPA2 framework will still have to purchase third-party clients from vendors such as Funk Software. Microsoft has not announced any timetable to synchronize its supplicant with the WPA2-rev2 specification. Furthermore, Microsoft has only hinted at a Windows Mobile supplicant, leaving enterprises to deal with a mixed-vendor environment across various categories of mobile devices. Each infrastructure vendor must now resubmit its products for WPA2-rev1 testing to ensure that they operate with this new Microsoft supplicant. Enterprises with WPA2-rev1 infrastructure cannot automatically assume that the Microsoft supplicant will work problem-free without testing.
Recommendations: Enterprises that require only WPA2-rev1 can use the new Microsoft Windows XP supplicant as long as their wireless local-area network (WLAN) infrastructure vendor supports it. Microsoft should move to upgrade to WPA2-rev2 across both the Windows and Windows Mobile platforms by year-end 2005. Until then, vendors and end users alike will be faced with the added complexity of third-party add-on products.
Analytical Sources: Ken Dulaney and John Pescatore, Gartner Research