A Technical Comparison of TTLS and PEAP
Subject:   RE: PEAP Clarifications
Date:   2002-12-13 08:06:29
From:   anonymous2
Microsoft announced support for 802.1x w/ PEAP in early November of this year. Since then, however, they've pulled their clients and modified their announcement so that support is only offered on Win 2000 & XP. I do not know why they have done this, although I can speculate ... One of my peers still has the Microsoft NT4.0 PEAP client. Given this recent change, much of your response makes sense.

A heavily entrenched Microsoft & Cisco infrastructure does in fact matter in buying decisions, and is not irrelevant to a TTLS vs. PEAP decision, albeit perhaps not solely on technical merit. I agree with you that TTLS & PEAP are very similar technically, but I do not hold the same philosophy of implementing immediately without considering the future ramifications. Because TTLS & PEAP are so similar, it makes sense that only one will become the dominant industry leader/standard. I would not want to invest a substantial amount of energy into implementing TTLS, only to see it never really take off, and receive minimal support and updates over the long run. Clearly, you can gather from my response that I think PEAP will become the dominant of the two solutions.

Additionally, you have to ask which direction embedded wireless handheld devices will go. Are the major players in that industry licensing PEAP or TTLS for positioning?

If someone needs instant security, but has a significant user base of pre-Win2000 laptops, another solution would be to implement 802.1X w/ LEAP and enforce a strong password policy. By using ACS and Aironet client cards, the move to PEAP would be easier.