To be clear, this is about "PSK mode" which provides for authentication with a pre-shared key, using the 4-way handshake only, no EAP exchange. So in PSK mode there is no RADIUS server, no EAP methods (EAP-TLS, LEAP), etc. As Bob's paper states, PSK mode is an *alternative* to 802.1X dynamic key establishment.
Note that in IEEE 802.11i, in addition to the 4-way handshake as an avenue for attack, a hash of the PSK is also sent in the Reassociation Request. This is also subject to dictionary attack, and may be a more attractive target than the 4-way handshake. Since no EAP methods are used in PSK mode, and because key rotation involves a new key handshake but no new EAP exchange, this issue is not an EAP issue per say, but only relates to WPA & RSN key exchange. -- general wireless list, a bawug thing <http://www.bawug.org/> [un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
