Originally Posted By: peter
In that situation I'd want to roll out a per-client-revokable version of WPA, but I've actually no idea how hard/impractical that is

Most people at home using WPA are actually using WPA-Personal, which is just a simple password for authentication. Companies should be using WPA-Enterprise, which allows for a variety of authentication mechanisms, but regardless of the specifics, allows for per-user authentication.

While this is obviously useful for stolen laptops, it's more commonly useful for leaving employees. Just disable their account and you're done. No need to redistribute authentication parameters.

Most full-fledged computers do WPA-Enterprise just fine. Sometimes handheld devices don't. My PSP doesn't for example. But some do, like my (ugh) Blackberry.
_________________________
Bitt Faulk