This binding of certificate to SSID is still a manual process. A better solution is needed, he says. In addition, Wi-Fi clients today cant check to see if a certificate has been revoked. The IEEE 802.11u extensions to Wi-Fi will eventually provide a mechanism for this.
VonNagys conclusion: In a properly implemented wireless network, this MS-CHAPv2 exploit is a non-issue. There is no need for Wi-Fi network administrators to abandon PEAP. Period.
John Cox covers wireless networking and mobile computing for Network World.Twitter: http://twitter.com/johnwcoxnwwEmail: firstname.lastname@example.orgBlog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about wide area network in Network World's Wide Area Network section.