Since the original WEP definition specified a fixed key length of 40 bits, the registration of a client at an access point only had to communicate whether encryption should be used or not. Key lengths exceeding 40 bits require that the key length be announced. WPA provides a mechanism by which the client and the access point can agree on the encryption and authentication procedures to be used. The following information is made available:
- A list of encryption methods which the access point provides for the pairwise key—here, WEP is explicitly disallowed.
- A list of authentication methods a client may use to prove to the WLAN that it is authorized for access—possible methods are currently EAP/802.1x or PSK.
As mentioned, the original WPA standard specifies only TKIP/Michael as an improved encryption method. With the further development of the 802.11i standard, the AES/CCM method described below was added. In a WPA network it is now possible for some clients to communicate with the access point using TKIP, while other clients use AES.
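
The following added example (not part of the original text or of any vendor's code) parses the WPA information element in which an access point advertises these lists and checks the rules above: no WEP in the pairwise list, and EAP/802.1x or PSK for authentication. The element layout and suite numbers (OUI 00:50:F2) are taken from the WPA specification rather than from this page; the function names and both sample byte strings are constructed for illustration.

```python
import struct

WPA_OUI_TYPE = bytes.fromhex("0050f201")   # OUI 00:50:F2, type 1 = WPA element
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "AES-CCMP", 5: "WEP-104"}
AKMS = {1: "EAP/802.1x", 2: "PSK"}

def _suites(buf, off, names):
    """Read a 2-byte little-endian count, then that many 4-byte suite selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    sels = [buf[off + 4 * i: off + 4 * i + 4] for i in range(count)]
    return [names.get(s[3], f"unknown({s[3]})") for s in sels], off + 4 * count

def parse_wpa_ie(body):
    """Parse the body of a vendor-specific element (ID 221) that carries WPA."""
    if len(body) < 10 or body[:4] != WPA_OUI_TYPE:
        raise ValueError("not a WPA information element")
    (version,) = struct.unpack_from("<H", body, 4)
    group = CIPHERS.get(body[9], f"unknown({body[9]})")   # group key cipher
    pairwise, off = _suites(body, 10, CIPHERS)             # pairwise cipher list
    auth, _ = _suites(body, off, AKMS)                     # authentication list
    return {"version": version, "group": group, "pairwise": pairwise, "auth": auth}

def check_policy(info):
    """Return findings for offers that contradict the negotiation rules."""
    findings = [f"WEP offered as pairwise cipher: {c}"
                for c in info["pairwise"] if c.startswith("WEP")]
    if not set(info["auth"]) & set(AKMS.values()):
        findings.append("no known authentication method offered")
    return findings

# Constructed sample: TKIP group key, TKIP and AES-CCMP pairwise, PSK.
SAMPLE_MIXED = bytes.fromhex("0050f201" "0100" "0050f202"
                             "0200" "0050f202" "0050f204" "0100" "0050f202")
# Constructed sample: invalid offer that lists WEP-40 as a pairwise cipher.
SAMPLE_WEP = bytes.fromhex("0050f201" "0100" "0050f201" "0100" "0050f201" "0100" "0050f201")

if __name__ == "__main__":
    for name, raw in (("mixed", SAMPLE_MIXED), ("wep", SAMPLE_WEP)):
        info = parse_wpa_ie(raw)
        print(name, info, check_policy(info) or "ok")
```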