A Technical Comparison of TTLS and PEAP
Subject:   PEAP Clarifications
Date:   2002-12-10 16:18:11
From:   MatthewGast
Response to: PEAP Clarifications

> 2. Microsoft does not have the only PEAP client
> implementation. Cisco has PEAP built into its
> client as well, and other open source linux
> groups are working on integrating PEAP support
> on both the client & server.

At the time the article was written, PEAP was not widely available. The Cisco PEAP client was not shipping during N+I Atlanta 2002, though it was planned for release shortly afterward. The only PEAP client we could obtain at the time was the Microsoft client for Windows XP.

> ... Microsoft has released 802.1X w/ PEAP
> support in most of its desktop OS's: WinNT4.0,
> 95/98/ME, Win2K, & XP.

PEAP was added to XP in a service pack on September 7. PEAP was added to Windows 2000 with a download on December 3.

However, I can't find the code for the earlier Windows operating systems. Microsoft announced support for PEAP in desktop OSes on February 13, 2002, but that announcement was written saying that Microsoft would support PEAP in the future.

A series of searches for "PEAP" on Microsoft's Web site failed to turn up the desktop PEAP implementations for Windows 95/98/ME and Windows NT 4.0. The only result from running a search on "PEAP" in the Windows area is a page about the new features in .NET Server 2003.
A general search throughout Microsoft yields a large number of technical documents, such as the definition of PEAP in TechNet. The definition is still listed as "preliminary and subject to change."

> Taking these points into consideration, I
> wonder if the article's conclusion was a bit
> too skewed to imply that PEAP would not have
> enough industry support or distribution.

I never meant to imply that PEAP would not have wide support. There is a great deal that Microsoft and Cisco can do to create support. All I meant to illustrate is that QA-tested and released TTLS-based products were generally available at the time I wrote the article, while PEAP was still coming together as a solution. If a buyer were looking for a solution that could be purchased and deployed immediately, TTLS is the only choice. (Unless anybody can point out the client support for Win95/98/ME, it may still be the only choice today.)

Buyers who are willing to wait for a PEAP-based solution are welcome to do so.

> A) Corporations typically use MS OS and it is
> probable that a Cisco infrastructure exists as
> well.

This point is irrelevant to a choice between PEAP and TTLS. There is an extensive installed base of Microsoft operating systems in corporations supported by TTLS today. (Unless I missed the Win95/98/ME and NT4 downloads a minute ago, it may still be the only choice today!)

> C) Corporations will be positioned to use PEAP
> over TTLS.

Unless they need a solution right now, in which case they can adopt TTLS today. There is no technical advantage to waiting for PEAP, since the protocol is similar. Running code counts for a lot in my book.