[citation needed] PEAP is similar in design to EAP-TTLS, requiring only a server-side PKI certificate to create a secure TLS tunnel to protect user authentication, and uses server-side public key certificates to authenticate the server.
PEAP-EAP-TLS requires client installation of a client-side digital certificate or a more secure smartcard.
Ultimately, PEAPv0/EAP-MSCHAPv2 is by far the most prevalent implementation of PEAP, due to the integration of PEAPv0 into Microsoft Windows products.
PEAP has been so successful in the market place that even Funk Software (acquired by Juniper Networks in 2005), the inventor and backer of EAP-TTLS, added support for PEAP in their server and client software for wireless networks.
There are client and server implementations of it from various vendors, including support in all recent releases from Microsoft, Apple Computer and Cisco.
If the CA certificate is not validated, in general it is trivial to introduce a fake Wireless Access Point which then allows gathering of MS-CHAPv2 handshakes.
[11] PEAPv1/EAP-GTC was created by Cisco to provide interoperability with existing token card and directory based authentication systems via a protected channel.
Nokia E66 and later mobile phones ship with a version of Symbian which includes EAP-GTC support.