Wi-Fi phone security status
Vo-Fi still awaits 802.11r for enabling enterprise-class security
Wireless Alert
By Joanie Wexler, Network World, 07/02/2007
Joanie Wexler looks at how enterprises can take advantage of wireless LANs and WANs.
Wi-Fi phones are still awaiting the Wi-Fi fast-roaming standard, 802.11r, to allow them to catch up to the enterprise-class security capabilities of data devices.
802.11r was once anticipated for completion in late 2006, but we’re now looking at spring 2008 for final IEEE board approval of the 802.11 Task Group R work.
802.11r aims to minimize the interaction between Wi-Fi access points and backend RADIUS authentication servers by standardizing how some client credentials are cached in an AP. RADIUS authentication is required for 802.11i Wi-Fi Protected Access 2-Enterprise Mode (WPA2-EM) security, and WPA2-EM requires client re-authentication by the centralized server every time an AP handoff occurs.
The idea behind 802.11r is to speed up the handoff of a user client device and associated credentials from one AP to another when the user roams or the client re-associates with a new AP for other reasons. Today’s WPA2-EM re-authentication times can inject too much delay into the handoff process for voice to tolerate, notes Ben Guderian, a vice president at Polycom/SpectraLink, a veteran in wireless telephony for businesses.
Once 802.11r is ratified and supported in handsets and APs, WPA2-EM, which uses the 802.1x security framework, should theoretically work in Vo-Fi deployments.
In the interim, some Wi-Fi companies, such as Cisco, support proprietary fast-roaming capabilities. And most Vo-Fi-capable handsets support WPA2-Personal Mode, also called Pre-Shared Key (PSK) mode. WPA2-PSK affords pretty strong security, but requires some tradeoffs for usability. Its main foible is that it shares a single passkey among all APs in the Wi-Fi network, so a compromise in the passkey would threaten the entire network.
The good news is that, unlike earlier 802.11 security versions, the key isn’t sent over the air, and it is not discoverable by backing out of the data transmitted, says Guderian.
“The biggest risk is that an administrator puts the passkey on a Post-It note and someone reads it,” he says.
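The two WPA2-PSK properties discussed above (one passkey shared by every AP, and a key that never crosses the air) both follow from how 802.11i derives its keys. The following is an added illustration, not code from the article or from any vendor named in it: the Pairwise Master Key is a deterministic function of passphrase and SSID alone, so every AP with that SSID holds the identical PMK, while the per-association Pairwise Transient Key is mixed from nonces and MAC addresses so that only those public values are transmitted during the 4-way handshake. The passphrase and SSID below are the IEEE 802.11i Annex H test-vector inputs; the MAC addresses and nonces are constructed sample values.

```python
import hashlib
import hmac
import os

# IEEE 802.11i Annex H test-vector inputs (not values from the article).
SSID = "IEEE"
PASSPHRASE = "password"


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK Pairwise Master Key: PBKDF2-HMAC-SHA1, 4096 rounds, SSID as salt.

    The PMK depends only on the passphrase and SSID, so every AP in the ESS holds
    the same 256-bit secret. A roam to another AP needs no RADIUS round trip, but
    one leaked passphrase compromises every AP at once.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbits: int) -> bytes:
    """802.11i PRF-n: HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    for i in range((nbits + 159) // 160):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[: nbits // 8]


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """Pairwise Transient Key for CCMP: 384 bits = KCK(16) || KEK(16) || TK(16).

    Only the MAC addresses and the two 32-byte nonces appear in the handshake
    frames; the PMK and the PTK derived from it are never transmitted. Ordering
    by min/max makes both sides compute the same key regardless of role.
    """
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 384)


def main() -> None:
    pmk = derive_pmk(PASSPHRASE, SSID)
    print("PMK (identical on every AP with this SSID):", pmk.hex())
    # Constructed sample addresses and fresh random nonces for one association.
    ap_mac, sta_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    anonce, snonce = os.urandom(32), os.urandom(32)
    ptk = derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce)
    print("PTK for this association (never sent over the air):", ptk.hex())


if __name__ == "__main__":
    main()
```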
Joanie Wexler is an independent networking technology writer/editor in Silicon Valley.