PEAP (Protected Extensible Authentication Protocol)
A protocol proposed by Microsoft, Cisco and RSA Security for securely transporting authentication data, including passwords, over 802.11 wireless networks.
Like the competing standard Tunneled Transport Layer Security (TTLS), PEAP makes it possible to authenticate wireless LAN clients without requiring them to have certificates, simplifying the architecture of secure wireless LANs.
TTLS and PEAP work within the framework of the broad-based IEEE 802.11 wireless LAN standard for authentication known as 802.1X. PEAP and TTLS each use Transport Layer Security, which is often described as a better Secure Sockets Layer, to set up an end-to-end tunnel that carries the user's credentials, such as a password, without requiring a certificate on the client.
PEAP is considered an advance on Cisco's current Lightweight EAP in part because it supports secure mutual authentication.
"PEAP and TTLS are almost identical," says Joel Snyder, senior partner at consultancy OpusOne, a Network World Global Test Alliance partner. "It doesn't make sense to have both. It's like having two sizes of floppies."
From "Microsoft, Cisco prepare for PEAP show," Network World, 09/23/02.
Additional resources
PEAP draft
Proposed RFC.
Microsoft PEAP SDK