This binding of certificate to SSID is still a manual process. A better solution is needed, he says. In addition, Wi-Fi clients today cant check to see if a certificate has been revoked. The IEEE 802.11u extensions to Wi-Fi will eventually provide a mechanism for this.

VonNagys conclusion: In a properly implemented wireless network, this MS-CHAPv2 exploit is a non-issue. There is no need for Wi-Fi network administrators to abandon PEAP. Period.

John Cox covers wireless networking and mobile computing for Network World.Twitter: : john_cox@nww.comBlog RSS feed:

in Network World's Wide Area Network section.