If NIST approves 802.11i, then VPNs may be optional in governmental installations: Matthew Gast notes that the potential approval of AES as an encryption method as part of 802.11i would allow system administrators in networks that rely on these NIST guidelines to avoid VPNs and use secured 802.1X with 802.11i using AES.
I wrote in InfoWorld in January of this year about how 802.1X within 802.11i plus secured EAP could eliminate the cost and complexity of VPNs. 802.1X is relatively straightforward, even with PEAP or other modes, compared with VPN setup and management.
VPNs for roaming users are still a requirement, of course.
Good post. Thanks. If we could get FIPS-140-2 certified products this would really help convert conservative organizations like banks and insurance.
Do you know if the MITM (Man in the Middle) attacks on PEAP have been finally thwarted? This is a concern that will keep people clinging to their VPNs.