Referring back to our three step process for WPA upgrading, Step 3 is turning out to be one of the dirty little secrets of WPA - at least in the initial going. It turns out that having a WPA-capable driver for your wireless adapter isn't all you need on that end of things. Although a WPA-capable driver adds the code for the WPA "equation" elements (TKIP, 802.1x, etc.), it doesn't necessarily provide the smarts that the client needs to know how to use those new capabilities.
That intelligence is contained in a piece of software known as a "supplicant", which is turning out to be trickier to implement than networking vendors (and their WLAN chip suppliers) figured. Right now the most widely-available choice in supplicants are the WPA patch for Windows XP, Funk Software's Odyssey client, and Meetinghouse Data Communications' AEGIS client.
Pros and Cons of these choices are:
- The XP patch adds WPA capability to WinXP's built-in "Zero Configuration" wireless client and as you'll see later, gets the job done. The good news is that it's a free download. The bad is that you must run WinXP to use it.
- Funk's client has a free downloadable demo, runs on Windows XP/2000/98/Me/Pocket PC, and supports a wider variety of authentication protocols than the WinXP patch. But you'll need to shell out about $50 per client if you end up purchasing it.
- The AEGIS client also has a free evaluation period and runs on more OSes including Linux, Mac OS X , Windows XP, NT, 2000, 98, ME, and Pocket PC 2002. The negative is that it's also a pay-for option, although at $40 a copy slightly less expensive.
So, right now, WPA supplicants for operating systems other than WinXP are not guaranteed to be included when you download your wireless adapter's WPA upgrade. I contacted a number of equipment and wireless chip vendors regarding this issue and asked their plans for providing supplicants for operating systems other than WinXP. Here's what I found:
3Com - Plans to include a WPA supplicant in its client application for its 802.11g client card only that will support WPA-PSK for Win98SE/ME/2000/XP. Users that need to use WPA with RADIUS authentication ("Enterprise mode") will be able to use the Win XP WPA patch and XP's Zero Config utility, but will need to purchase a third-party supplicant for other OSes.
Agere Systems - Agere is bundling a fully-functional version of Funk's Odyssey client with the client manager application that is supplied to its customers.
Apple - WPA support with supplicant will be included in Mac OS X version 10.3 ("Panther") that will ship by the end of 2003.
Atheros - Has integrated a WPA supplicant into the client manager application that is supplied to its customers
Belkin - "As for the non-XP OSes, our hope is to build the WPA support into the client software that we currently ship." Current WPA support is for WinXP with Microsoft's WPA patch.
Buffalo Tech - Right now, WPA upgrade instructions direct XP users to download Microsoft's WPA upgrade patch. Users of other OSes are referred to download Funk Software's Odyssey client free trial demo (registered application costs about $50 per client).
A Buffalo spokesperson indicated that work is in progress on a client with built-in WPA support that will also cover 802.11i (WPA2), but didn't say when the client would be available.
Linksys - Relying on Microsoft XP WPA patch. Refers users to Funk's Odyssey client for non-XP OSes.
NETGEAR - "We are looking to certify our products to work with Meetinghouse & Funk and are working with them now to see how we can provide with our client products."
SMC - "All of our EliteConnect Wireless Products will include WPA supplicants for OSes other than XP." SMC's position for its other wireless adapter product lines was unclear, although it already bundles an earlier version of Meetinghouse's AEGIS that doesn't handle WPA with some of its products.
TI - Did not respond.
USR - "Our tentative schedule is PC Card/PCI adapter support by end of August, followed by access point/router by end of September. These are tenatative and are subject to updates by TI."
ZyXEL - "ZyXEL currently provides a free copy of the Meetinghouse AEGIS client software with the ZyXEL wireless adapters. This enables customers running a non-XP or Win2000 SP3 OS to take advantage of IEEE802.1x authentication. ZyXEL will incorporate the additional WPA requirement of TKIP via a similar software upgrade for the existing base of ZyAIR client adapters, and for the newer ZyAIR products which are launching in the upcoming months, ZyXEL will include the supplicant software on the product CD."
Conclusion 2: From the correspondence I've had with companies in preparation for this article, I sense that WLAN product vendors know that the present bring-your-own situation for non-XP users isn't going to fly. Enough of them are working to fix this problem that any company that doesn't address it will eventually (hopefully sooner rather than later) be at a competitive disadvantage.
Conclusion 2a: In the short-term, if you want to avoid hassles and extra cost with WPA, your OS better be WinXP.