This binding of certificate to SSID is still a manual process. A better solution is needed, he says. In addition, Wi-Fi clients today cant check to see if a certificate has been revoked. The IEEE 802.11u extensions to Wi-Fi will eventually provide a mechanism for this.
VonNagys conclusion: In a properly implemented wireless network, this MS-CHAPv2 exploit is a non-issue. There is no need for Wi-Fi network administrators to abandon PEAP. Period.
John Cox covers wireless networking and mobile computing for Network World.Twitter: : john_cox@nww.comBlog RSS feed:
in Network World's Wide Area Network section.