The Wi-Fi Alliance® announcement of Wi-Fi CERTIFIED WPA3™ focuses mostly on WPA3-Personal, which is not of interest for eduroam deployments.
WPA3-Enterprise does include a roll-up of several late additions to WPA2-Enterprise certification. As a result, WPA3-Enterprise certified devices are guaranteed to:
- be immune to the KRACK vulnerability,
- support Protected Management Frames (PMF),
- validate a server certificate to a root CA (if optionally configured).
WPA3-Enterprise brings small but useful benefits. It also adds a new optional operation mode, WPA3-Enterprise with 192-Bit Security, which has significant interoperability issues with the deployed base of eduroam WPA-Enterprise hotspots.
WPA3-Enterprise with 192-Bit Security MUST NOT be configured.
The only action to take, which typically requires no monetary investment at all, is to turn on support for Protected Management Frames (PMF) in the existing eduroam SP network deployment and to turn off WPA1.
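The following added example (not part of the advisory) audits an access point configuration against the three points above, assuming a hostapd-based access point with a single BSS. The function names and both sample configurations are constructed for illustration; the hostapd keys used are `wpa`, `ieee80211w` and `wpa_key_mgmt`.

```python
# Added example: audit a hostapd.conf against the advisory's recommendations.
# Assumption: hostapd-based AP, single BSS. Sample configs below are constructed.

def parse_hostapd(text):
    """Return {key: value} for key=value lines, skipping comments and blanks."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of findings; an empty list means nothing to change."""
    conf = parse_hostapd(text)
    findings = []
    # hostapd 'wpa' is a bitfield: bit 0 = WPA1, bit 1 = WPA2/RSN.
    if int(conf.get("wpa", "0")) & 1:
        findings.append("WPA1 is enabled (wpa has bit 0 set); use wpa=2")
    # ieee80211w: 0 = PMF disabled (hostapd default), 1 = optional, 2 = required.
    if int(conf.get("ieee80211w", "0")) == 0:
        findings.append("PMF is disabled; set ieee80211w=1 or 2")
    # The 192-bit mode is selected through the Suite B AKM.
    if "WPA-EAP-SUITE-B-192" in conf.get("wpa_key_mgmt", "").split():
        findings.append("192-bit mode is configured; remove WPA-EAP-SUITE-B-192")
    return findings

# Constructed sample: mixed WPA1/WPA2 hotspot without PMF.
LEGACY = """
ssid=eduroam
ieee8021x=1
wpa=3
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
rsn_pairwise=CCMP
"""

# Constructed sample: WPA1 off, PMF offered as optional.
FIXED = """
ssid=eduroam
ieee8021x=1
wpa=2
wpa_key_mgmt=WPA-EAP
rsn_pairwise=CCMP
ieee80211w=1
"""

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY), ("fixed", FIXED)):
        print(name, audit(cfg) or "OK")
```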
Download the complete advisory to read a more detailed explanation.
eduroam® is a registered trademark and servicemark of GEANT Association.
Wi-Fi CERTIFIED WPA3™ is a trademark of Wi-Fi Alliance®.