Lelio: As you pointed out, it's not common, but WPA/AES is a valid combination. You give up some smaller aspects of WPA2 that enhance key security, but you still get all the cryptographic benefit of AES over TKIP. On the other hand, it's an odd combination and I would only recommend it for a residential environment where there unique circumstances preclude full WPA2-PSK. I would definitely recommend option 2. It's going to be the easiest to support. Otherwise you're going to have your users needlessly struggle to find and/or implemented the WPA/2/TKIP and WPA/AES when they should just pass those by. Regards, Frank
_____ From: Lelio Fulgenzi [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 12, 2006 8:20 AM To: [email protected] Subject: [WIRELESS-LAN] WPA & AES support I'm just wondering what other people are thinking about WPA & AES support. All the documentation (and what I understood) refers to AES as a WPA2 component, however, I've seen many wireless configuration screens that allow for WPA and AES. Forums typically discount this to 'sloppy' programming, however, where I still find that to be a 'stretch', I can see where that might happen in a card that supports WPA2, but I've found it to be the case in a card that only support WPA to see both TKIP and AES. My thought was that this option was there for AES support on a WPA-PSK or home implementation as I've seen some boxes advertise that. Our choice (documentation and support wise) is to say either: 1. Choose one of these options (in order of preference) with a note saying sometimes not all options work and to go down the list until one does: * WPA2 + AES * WPA2 + TKIP * WPA + AES * WPA + TKIP 2. Choose one of the following options: * WPA2 + AES * WPA + TKIP Just wondering if we are buying ourselves more support headaches trying to support the odd auth/crypt types. Comments? ---------------------------------------------------------------------------- ---- Lelio Fulgenzi, B.A. Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ "I can eat fifty eggs." "Nobody can eat fifty eggs." ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
