* PEAP-TLV en route for Wi-Fi hot spots Just when you thought the industry had enough Extensible Authentication Protocol – EAP – methods to last a lifetime…think again.Apparently, a new version of Protected EAP, or PEAP, will soon be emerging for use in Wi-Fi hot spots. Called PEAP-Type, Length, and Value (PEAP-TLV), the new flavor is being created at the IETF with strong influences by Microsoft.It is targeted at securing the initial authentication message in a public wireless network and, potentially, creating a secure 802.1X framework for hot spots in general.The initial idea is to protect the first connection during which a would-be user of a wireless ISP’s (WISP) hot spot service signs on to the service and gains access by presenting a valid (and confidential) credit card number. Some hot spots support HTTPS/SSL (Secure Sockets Layer) using a captive portal for that initial sign-on. But currently, in many WISP implementations, that initial handshake takes place in the clear. The reason is that, by definition, public networks are open networks, inviting usage and commerce.Also, in HTTPS/SSL environments, while the transaction session is encrypted, the subsequent public sessions – Web browsing, instant messaging, public e-mail – are not, leaving public hot spot traffic vulnerable to attack. Enforcing a secured Wi-Fi hot spot service could be a more mature generation of services that WISPs might offer if something like PEAP-TLV were to become available. Sources indicate that PEAP-TLV is scheduled to become available in Microsoft XP’s Service Pack 2 for clients, due this quarter, and will run on the Microsoft Internet Authentication Service (IAS), the Windows implementation of a RADIUS server and proxy. (IAS plays the role of “authentication server” in 802.1X parlance.)In such a scenario, IAS would be configured as a RADIUS server to authenticate and authorize users in a Microsoft Active Directory connecting to the WISP network.PEAP-TLV will reportedly provide IAS with the ability to send the location of the provisioning server to wireless client computers in the form of a URL. With the URL of the provisioning server, wireless clients can download provisioning XML files and begin the initial sign-up or subscription renewal process. In other words, clients get authenticated to some network resources immediately, enabling them to pay for service securely, before then gaining access to network resources at large. Related content news Dell provides $150M to develop an AI compute cluster for Imbue Helping the startup build an independent system to create foundation models may help solidify Dell’s spot alongside cloud computing giants in the race to power AI. By Elizabeth Montalbano Nov 29, 2023 4 mins Generative AI news DRAM prices slide as the semiconductor industry starts to decline TSMC is reported to be cutting production runs on its mature process nodes as a glut of older chips in the market is putting downward pricing pressure on DDR4. By Sam Reynolds Nov 29, 2023 3 mins Flash Storage Technology Industry news analysis Cisco, AWS strengthen ties between cloud-management products Combining insights from Cisco ThousandEyes and AWS into a single view can dramatically reduce problem identification and resolution time, the vendors say. By Michael Cooney Nov 28, 2023 4 mins Network Management Software Cloud Computing opinion Is anything useful happening in network management? Enterprises see the potential for AI to benefit network management, but progress so far is limited by AI’s ability to work with company-specific network data and the range of devices that AI can see. By Tom Nolle Nov 28, 2023 7 mins Generative AI Network Management Software Podcasts Videos Resources Events NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe