JSI Tip 6414. Protected EAP (PEAP) support has been added to Windows XP SP1 and Windows Server 2003.

Microsoft Knowledge Base Article 325725 contains the following summary:

RFC 2284 defines the Extensible Authentication Protocol (EAP), which provides support for multiple authentication methods. Although EAP was originally created for use with Point-to-Point Protocol (PPP), it has been adopted for use with IEEE 802.1x Network Port Authentication.

Since EAP's deployment, a number of weaknesses in EAP have become noticeable. These include the following:

  • Lack of protection of the user identity or the EAP negotiation.
  • No standardized mechanism for key exchange.
  • No built-in support for fragmentation and reassembly.
  • Lack of support for fast reconnect.

Protected EAP (PEAP) addresses these deficiencies by wrapping the EAP protocol in Transport Layer Security (TLS). Any EAP method running in PEAP is provided with built-in support for key exchange, session resumption, and fragmentation and reassembly.
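The fragmentation and reassembly support mentioned above can be seen at the packet level. The following is an added example, not code from the Knowledge Base article or from Microsoft: it reassembles a TLS message carried across several PEAP packets and rejects inconsistent input. It assumes EAP method type 25 for PEAP and the EAP-TLS style L (length included) and M (more fragments) flag bits; the function names and the sample fragments are constructed for illustration.

```python
import struct

EAP_TYPE_PEAP = 25            # assumption: IANA method type for PEAP
FLAG_L, FLAG_M = 0x80, 0x40   # assumption: EAP-TLS style flag bits

def make_fragment(ident, flags, data, total=None):
    """Build a constructed PEAP request carrying one fragment (sample input only)."""
    tl = struct.pack("!I", total) if total is not None else b""
    hdr = struct.pack("!BBHBB", 1, ident, 6 + len(tl) + len(data), EAP_TYPE_PEAP, flags)
    return hdr + tl + data

def parse_fragment(pkt):
    """Return (flags, declared_total_or_None, tls_data) for one PEAP packet."""
    if len(pkt) < 6:
        raise ValueError("too short for EAP header, type and flags")
    code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
    if length != len(pkt):
        raise ValueError("EAP Length field does not match packet size")
    if code not in (1, 2) or eap_type != EAP_TYPE_PEAP:
        raise ValueError("not a PEAP request/response")
    body, total = pkt[6:], None
    if flags & FLAG_L:
        if len(body) < 4:
            raise ValueError("L flag set but TLS Message Length missing")
        total, body = struct.unpack("!I", body[:4])[0], body[4:]
    return flags, total, body

def reassemble(packets, max_total=65536):
    """Join fragments into one TLS message, rejecting inconsistent or oversized input."""
    buf, expected = bytearray(), None
    for i, pkt in enumerate(packets):
        flags, total, data = parse_fragment(pkt)
        if total is not None:
            if total > max_total or (expected is not None and total != expected):
                raise ValueError("bad or inconsistent TLS Message Length")
            expected = total
        buf += data
        if len(buf) > (expected if expected is not None else max_total):
            raise ValueError("fragments exceed declared length")
        if not flags & FLAG_M:               # final fragment
            if i != len(packets) - 1 or (expected is not None and len(buf) != expected):
                raise ValueError("message ended early or trailing packets present")
            return bytes(buf)
    raise ValueError("ran out of packets with More-fragments still set")

if __name__ == "__main__":
    msg = bytes(range(40))                   # constructed stand-in for a TLS record
    frags = [make_fragment(1, FLAG_L | FLAG_M, msg[:16], 40),
             make_fragment(2, FLAG_M, msg[16:32]), make_fragment(3, 0, msg[32:])]
    print(reassemble(frags) == msg)
```

The max_total bound keeps a peer from declaring an arbitrarily large TLS Message Length and forcing the receiver to buffer it.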
