The Wi-Fi Alliance standards group is going to launch an improved version of its WPA security specification later this year. "Products certified for WPA2 are anticipated to be available in the middle of 2004," said Wi-Fi Alliance Managing Director, Frank Hanzlik, but he pointed out that the existing WPA specification meets most security needs today.
WPA was produced as an interim security mechanism to improve on WEP (wired equivalent privacy), which was included in 802.11b products but found to be inadequate. It was produced quickly by the Wi-Fi Alliance, announced in March, and formally launched in May 2003, to cover people until the final security specification, 802.11i is delivered by the more slow-moving official standards body, the IEEE (See our analysis of the changes from WEP through WPA to IEEE 802.11i).
WPA2 has always been part of the Alliance's plans, featuring in a White Paper dated April 2003 on the Alliance's site. It adds the Advanced Encryption Standard (AES), an official US government standard, which was felt to be too demanding for current hardware in 2003 and brings WPA into line with 802.11i.
WPA has been a success, with 175 products from 40 vendors certified so far. Since September, all products with the Alliance's Wi-Fi brand have had to pass the WPA test. The standard has been a major factor in the nascent success of Wi-Fi in the enterprise, according to the Alliance, which quotes an industry analyst, Synergy Research, in its release: "Until recently, depressed IT spending had a significant negative impact on the market for enterprise wireless products," says the un-named Synergy analyst. "Furthermore, security has also been a major concern with Enterprise IT professionals, which has also slowed adoption. However, now that the Wi-Fi Protected Access security solution is available, Synergy has seen a marked increase in Enterprise WLAN sales."
Given all that, it seems likely that the Wi-Fi Alliance's WPA2 will be the market-friendly "brand name" for 802.11i, in much the same way as Wi-Fi itself has become a less intimidating way to refer to the 802.11 protocol family. For suppliers to go to market under the 802.11i banner might actually add to users' doubts about Wi-Fi security, or cause confusion. It could sound like a new flavour of Wi-Fi alongside 802.11a, 802.11b, and 802.11g.
WPA2 (or 802.11i) security may require a hardware change to support AES, but the Alliance points out that WPA and WPA2 can be run alongside each other, while WPA was not compatible with the previous WEP standard.