ONJava.com -- The Independent Source for Enterprise Java
  A Technical Comparison of TTLS and PEAP
Subject:   PEAP Clarifications
Date:   2002-12-10 16:18:11
From:   MatthewGast
Response to: PEAP Clarifications

> 2. Microsoft does not have the only PEAP client
> implementation. Cisco has PEAP built into its
> client as well, and other open source linux
> groups are working on integrating PEAP support
> on both the client & server.

At the time the article was written, PEAP was not widely available. The Cisco PEAP client was not shipping during N+I Atlanta 2002, though it was planned for release shortly afterward. The only PEAP client we could obtain at the time was the Microsoft client for Windows XP.

> ... Microsoft has released 802.1X w/ PEAP
> support in most of its desktop OS's: WinNT4.0,
> 95/98/ME, Win2K, & XP.

PEAP was added to XP in a service pack on September 7. PEAP was added to Windows 2000 with a download on December 3 (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp).

However, I can't find the code for the earlier Windows operating systems. Microsoft announced support for PEAP in desktop OSes on February 13, 2002 (http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/secwireless.asp), but that announcement was written saying that Microsoft would support PEAP in the future.

A series of searches for "PEAP" on Microsoft's Web site failed to turn up the desktop PEAP implementations for Windows 95/98/ME and Windows NT 4.0. The only result from running a search on "PEAP" in the Windows area is a page about the new features in .NET Server 2003.
A general search throughout Microsoft yields a large number of technical documents, such as the definition of PEAP in TechNet (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsnetserver/proddocs/datacenter/sag_ias_protocols_peap.asp). The definition is still listed as "preliminary and subject to change."

> Taking these points into consideration, I
> wonder if the article's conclusion was a bit
> too skewed to imply that PEAP would not have
> enough industry support or distribution.

I never meant to imply that PEAP would not have wide support. There is a great deal that Microsoft and Cisco can do to create support. All I meant to illustrate is that QA-tested and released TTLS-based products were generally available at the time I wrote the article, while PEAP was still coming together as a solution. If a buyer were looking for a solution that could be purchased and deployed immediately, TTLS is the only choice. (Unless anybody can point out the client support for Win95/98/ME, it may still be the only choice today.)

Buyers who are willing to wait for a PEAP-based solution are welcome to do so.

> A) Corporations typically use MS OS and it is
> probable that a Cisco infrastructure exists as
> well.

This point is irrelevant to a choice between PEAP and TTLS. There is an extensive installed base of Microsoft operating systems in corporations supported by TTLS today. (Unless I missed the Win95/98/ME and NT4 downloads a minute ago, it may still be the only choice today!)

> C) Corporations will be positioned to use PEAP
> over TTLS.

Unless they need a solution right now, in which case they can adopt TTLS today. There is no technical advantage to waiting for PEAP, since the protocol is similar. Running code counts for a lot in my book.