yippee - more expensive stuff to sell!!!!!! :)
So long, WEP. Actually Chuck, from a strictly male perspective its: "More expensive toys to play with". :-D
As I do my research and answer customer questions, two things I have learned:
1) several vendors, including Cisco and proxim, say their existing B equipment will NOT be upgradable to support the i standard.
2) 128 WEP plus TKIP plus an appropriate and secure authentication protocol ( EAP TTLS, PEAP, EAP TLS for example ) equals pretty good security which is unbrakable given today's computing power.
So I suspect that customers with a large installed base of B products will be using WEP for a couple more years to come.
802.11i compliance should mean nothing other than compliance with 802.11 as amended by 802.11i. Taken in this light, virtually every 802.11 radio is in compliance with 802.11i!
The 802.11i abstract reads in part: "Security mechanisms for IEEE 802.11 are defined in this amendment, which includes a definition of WEP for backward compatibility with the original standard, IEEE Std 802.11, 1999 Edition. This amendment defines TKIP and CCMP, which provide more robust data protection mechanisms than WEP affords. "
And 802.11 184.108.40.206 reads in part: "IEEE 802.11 provides three cryptographic algorithms to protect data traffic: WEP, TKIP, and CCMP. WEP and TKIP are based on the RC4 algorithm, and CCMP is based on the advanced encryption standard (AES)."
And 802.11 220.127.116.11.1 table 20da lists the following "cipher suites": WEP-40, TKIP, CCMP, and WEP-104.
For some vendors "does not support 802.11i" means "no AES yet".
So we should not ask, does this radio support 802.11i? We should ask, which cipher suites does this radio support?
The Wi-Fi Alliance has helped us here. Supports WiFi Protected Access (WPA) = "includes TKIP", and supports WPA2 = "includes CCMP".
It is my own opinion that 802.11 gear that does not support at least TKIP should be discarded -- along with faux security mechanisms such as obscure SSIDs, hidden SSIDs, cell sizing, MAC address filters, DHCP denial, etc.
I hope this helps.