802.1X requires support in the client via the operating system or a third-party software application; in the access point, through the ability to accept EAP (extensible authentication protocol) messages and hand them off to a RADIUS or other authentication server defined in some area of the access point’s configuration; and an authentication server that can respond with the right information to initiate the keying process after credentials are accepted.
None of these requirements is a high bar.
Windows XP has shipped with an 802.1X client for some time, although it only supports a couple of flavors of secured EAP, in which the credential exchange is encrypted within tunnels.
And virtually all mainstream RADIUS and similar servers are now equipped to talk 802.1X/EAP using various secured EAP methods.
The client is the weak point, because until last week, only Windows XP had a built-in 802.1X client.
Mac OS X 10.3 (Panther) now includes 802.1X support, and they feature all of the EAP types, including PEAP, LEAP, EAP-TLS, EAP-TTLS, and MD5.
(Because it’s a Mac, if you’re using a certificate-based EAP method, like EAP-TLS, you just drag a certificate from email into the Keychain program, and that’s that.)
Other platforms and other versions of operating systems aren’t out of luck because they can turn to Meetinghouse, which supports flavors of Windows and Mac OS X (before 10.3), as well as Linux 2.4 and Solaris.
WPA has driven this process faster, it seems to me, because WPA solves the key-changing problem.
With WPA, an 802.1X system could change keys every few minutes — or weeks or years potentially — without any reduction in the level of security even with the TKIP key that’s available as part of the WPA standard.
Another element driving 802.1X adoption is that it reduces VPN costs.
If you’re using a wireless-outside-the-firewall approach that requires a VPN client on the local network to tunnel through, you can completely eliminate the VPN client and per-seat server costs.
More info: [url=http://wifinetnews.com/archives/002434.html]http://wifinetnews.com/archives/002434.html[/url]