On Fri, Mar 02, 2018 at 03:10:52PM -0500, msiedzik@xxxxxxxxxxxxxxxxxxx wrote: > When the number of live peers becomes 0 the KaY is setting > 'kay->authenticated' true and telling the CP to connect AUTHENTICATED. > Per IEEE802.1X-2010 Clause 12.2, MKA.authenticated means "the Key Sever > has proved mutual authentication but has determiend that Controlled Port > communication should proceed without the use of MACsec", which means > port traffic will be passed in the clear. > When the number of live peers becomes 0 the KaY must instead set > 'kay->authenticated' false and tell the CP to connect PENDING. Per > Clause 12.3 connect PENDING will "prevent connectivity by clearing the > controlledPortEnabled parameter." Thanks, applied. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
