Hi Jouni, Many thanks for replying. Since 802.1X-2010 compliance is mandatory for my requirement, I am planning to make EAPOL state machine implementation of hostap to be compliant to 2010 standard and I have some questions regarding this. 1. After comparing EAPOL state machines of 802.1X-2004 & 802.1X-2010, I noticed that, some intermediate states are removed in 2010 standard. Is this to solve some vulnerabilities of 802.1X-2004 standard or to make the state machine simple? If state machine definition is changed to just to make it simple, I think, we can still retain the existing state machine implementation of hostap. 2. 802.1X-2010 standard does not talk about EAPOL back-end state machine. So I believe, I can retain the implementation of back-end state machine of hostap as is. Correct me If I am wrong here. Regards, Badrish On Tue, Feb 23, 2016 at 4:04 PM, Jouni Malinen <j@xxxxx> wrote: > On Tue, Feb 23, 2016 at 11:35:16AM +0530, Badrish Adiga H R wrote: >> are EAPOL & EAP state machine implementations in hostapd & >> wpa_supplicant 802.1X-2010 compliance. If no, what extra we might have >> to implement to be compliant to mandatory requirements of IEEE >> 802.1X-2010 standard? > > The main EAPOL implementation used in hostapd and wpa_supplicant > (src/eapol_auth/* and src/eapol_supp/*) is actually based on IEEE Std > 802.1X-2004, not the 2010 version. Only the MACsec related supplicant > side implementation in src/pae/* is based on the 2010 version. > > -- > Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap