Are We There Yet?
So let's see, WPA gives us robust encryption and user authentication that even a home user can deal with. So what are those IEEE guys still doing behind closed doors?
The Wi-Fi Alliance's Wi-Fi Protected Access Overview document (PDF) says the main pieces of the 802.11i draft that are not included in Wi-Fi Protected Access are:
- secure IBSS
- secure fast handoff
- secure de-authentication and disassociation
- enhanced encryption protocols such as AES-CCMP.
These features either aren't ready for prime time or will require hardware upgrades to implement. The 802.11i specification is supposedly going to be published at the end of 2003, but my guess is that will now be even less likely, with WPA taking the heat off for awhile. My guess is 2005 for full 802.11i, but hey, why rush things?
In the meantime, the good news is that WPA's improvments can all be done via software and firmware upgrades that are expected to begin rolling out in Q1 2003. Keep in mind that the Wi-Fi Alliance doesn't plan to begin interoperability certification testing on WPA products until February 2003, and won't make WPA mandatory for products to receive the Wi-Fi mark until the end of 2003.
Finally, although the Alliance would have you believe that only products with the Wi-Fi mark will incorporate WPA, I expect that everyone will hop on the WPA bandwagon once it starts rolling. The sooner, the better!
For more info: