On Tue, Jan 05, 2016 at 04:43:54PM -0700, David Mosberger wrote: > Is it normal that "only" the key for broadcast/multicast would be > re-keyed once an hour? Or is there a separate key for the AP that > should be re-keyed? I'm trying to understand what the difference is > between the re-keying that is happening and what "reassociate" does. > I'm hoping that will help me narrow down what to look at in the > driver. Yes, this is a normal AP configuration especially when using TKIP as the group cipher. The pairwise keys between the AP and each station for unicast frame do not really need to be rekeyed in practice when using CCMP as the cipher. There have been bugs in drivers where group rekeying mess up something in the key configuration either for the group key itself or maybe even for the pairwise keys. In other words, this does not really sound anything new, but obviously the exact reason in the driver is likely to be specific to the driver. In any case, it's probably best to confirm with a full sniffer trace what is the exact frame that uses incorrect keying material or if no such frame is found, that the issue is only on the receiver processing on decryption. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap