Microsoft Knowledge Base Article 325725 contains the following summary:
RFC 2284 defines the Extensible Authentication Protocol (EAP), which provides support for multiple authentication methods. Although EAP was originally created for use with Point-to-Point Protocol (PPP), it has been adopted for use with IEEE 802.1x Network Port Authentication. Since EAP's deployment, a number of weaknesses in EAP have become noticeable. These include the following:
• Lack of protection of the user identity or the EAP negotiation.
• No standardized mechanism for key exchange.
• No built-in support for fragmentation and reassembly.
• Lack of support for fast reconnect.
Protected EAP (PEAP) addresses these deficiencies by wrapping the EAP protocol in Transport Layer Security (TLS). Any EAP method running in PEAP is provided with built-in support for key exchange, session resumption, and fragmentation and reassembly.
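
To make the first and third weaknesses concrete, the following added example (not part of the Knowledge Base article) parses a plain EAP Identity response, where the identity travels as cleartext bytes, and reassembles a TLS message split across two PEAP packets. It assumes the EAP-TLS style framing used by PEAP (EAP type 25, a flags byte with L/M/S bits, and an optional 4-byte total length); the helper names and the sample packets are constructed for illustration.

```python
import struct

TYPE_IDENTITY, TYPE_PEAP = 1, 25            # EAP method type numbers
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # length included, more fragments, start

def build(code, ident, typ, body):
    """Build a constructed EAP Request (code 1) or Response (code 2) for the demo."""
    return struct.pack("!BBHB", code, ident, 5 + len(body), typ) + body

def parse_eap(pkt):
    """Parse the EAP header (Code, Identifier, Length) and the Type-specific body."""
    if len(pkt) < 4:
        raise ValueError("truncated EAP header")
    code, ident, length = struct.unpack("!BBH", pkt[:4])
    if not 4 <= length <= len(pkt):
        raise ValueError("EAP Length field does not match packet")
    out = {"code": code, "id": ident}
    if code not in (1, 2) or length == 4:    # Success/Failure carry no Type
        return out
    out["type"], body = pkt[4], pkt[5:length]
    if out["type"] == TYPE_IDENTITY:         # plain EAP: identity is cleartext
        out["identity"] = body.decode("utf-8", "replace")
    elif out["type"] == TYPE_PEAP and body:
        flags, data = body[0], body[1:]
        out["start"], out["more"] = bool(flags & FLAG_S), bool(flags & FLAG_M)
        if flags & FLAG_L:                   # 4-byte total TLS message length
            if len(data) < 4:
                raise ValueError("L flag set but length field missing")
            out["tls_total"], data = struct.unpack("!I", data[:4])[0], data[4:]
        out["tls_data"] = data
    return out

def reassemble(packets):
    """Concatenate PEAP fragments until one arrives with the M flag clear."""
    buf, total = b"", None
    for p in map(parse_eap, packets):
        if p.get("type") != TYPE_PEAP or "tls_data" not in p:
            raise ValueError("not a PEAP data packet")
        total = p.get("tls_total", total)
        buf += p["tls_data"]
        if not p["more"]:
            if total is not None and total != len(buf):
                raise ValueError("reassembled length differs from L field")
            return buf
    raise ValueError("final fragment missing")

# Constructed sample input (not captured traffic).
IDENTITY_RESP = build(2, 1, TYPE_IDENTITY, b"alice@example.com")
TLS_BLOB = b"\x16\x03\x01" + b"A" * 7
FRAGS = [build(1, 2, TYPE_PEAP, bytes([FLAG_L | FLAG_M]) + struct.pack("!I", 10) + TLS_BLOB[:6]),
         build(1, 3, TYPE_PEAP, b"\x00" + TLS_BLOB[6:])]
```

The fragments are passed in one direction only; the acknowledgements the peer sends between fragments are omitted from the sample.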