On Jan 14, 2016, at 12:49 PM, Peter Oh <poh@xxxxxxxxxxxxxx> wrote: > > > On 01/14/2016 05:19 AM, Janusz Dziedzic wrote: >> Add UDP support for ctrl interface. > can you add more details such as why we need it? Even if it's needed, there's essentially no security on the UDP packets. I don't see a static and *clear-text* cookie as offering any security. The protocol should at the minimum include randomness, so that packets can't be replayed. And the entire contents should be authenticated, ideally with an HMAC construct. Or, just use TCP and TLS for the control interface. That would be infinitely preferable to UDP. Alan DeKok. _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
