For home users, the eventual goal is to have the new security features activated out of the box, but that won't be possible until some time next year because interoperability issues between vendors need to be worked out, Eaton said. However, the features should be easy for home users to activate, he said.
One network administrator who has experimented with wireless LANs said the new specifications might ease his concerns about security.
Concordia College, in Moorhead, Minnesota, now has a set of wireless-equipped notebook PCs and an access point, which can be moved from one classroom to another as a temporary LAN, said Dennis Duncan, a network manager at the college. WEP is enabled on that LAN, but Duncan has held back on bigger wireless deployments.
"We haven't had any problems, but I know there have been exploits on (WEP)," Duncan said. "Before we did a wide-open wireless environment, like in the library, I'd want to have something better than WEP," he added. Proprietary security tools from a particular vendor probably wouldn't help in the college environment, Duncan said, because students buy their own interface cards, usually low-priced ones without any special features.
WPA's stronger key system and user authentication could make it feasible to roll out more wireless LANs, he said.
"If we could implement that kind of thing, that would be great," Duncan said.
The draft test plan for WPA is expected to be completed Nov. 8 and interoperability testing to begin Nov. 22. Certification is set to begin Feb. 3, according to Eaton.
The Wi-Fi Alliance plans to adopt the full 802.11i standard as version 2 of WPA, and begin certification in early 2004. Among other new features, that standard currently includes two other encryption algorithms, WRAP (Wireless Robust Authenticated Protocol) and CCMP (Counter with Cipher Block Chaining Message Authentication Code Protocol).
Strong, consistent security standards will help the industry mature, said Gerry Purdy, principal analyst at MobileTrax LLC, in Cupertino, California.
"Eventually, it's going to be shown that there's a right way to manage security ... those that comply with that will get consideration (from buyers) and those that don't, won't," he said.