On 23/11/2018 11:16, Jouni Malinen wrote: > On Thu, Nov 22, 2018 at 07:30:41PM +0100, Arnout Vandecappelle wrote: >> The Multi-AP specification allows the backhaul SSID to be Open (while the >> fronthaul on which the WPS is done is WPA2). This is of course a completely >> silly configuration, but I guess we should support it... > > Can you please point me to the exact location in the tech spec where you > think this is said? I could not find any clear indication of such case > being supported. It's not explicit. The spec allows WPA2PSK and Open in the setup of a BSS (Multi-AP Specification v1.0, Section 7.1, 4th paragraph, last sentence: "A Multi-AP Controller shall set the Authentication Type attribute in M2 to indicate WPA2TM-Personal or Open System Authentication." Thus, it is allowed to set WPA2PSK for the fronthaul and Open for the backhaul. Thus, for onboarding with WPS, the WPS exchange happens on the fronthaul BSS which is WPA2PSK, while the backhaul to be configured is open. Oh and actually, even in the case that both fronthaul and backhaul are Open, we still want to be able to use WPS/PBC for onboarding. > Regardless, if there is no real use case for something, > I see no point in implementing something just because it might be > allowed by the spec. I kind of agree with that. However, it might be required for certification. Marianna, could you check that? Is there a test of WPS where the backhaul has Open? Regards, Arnout > >> # Security setting for the Multi-AP backhaul link configured through WPS >> # 0 - Open network >> # 2 - WPA2/PSK (default) >> multiap_backhaul_bss_wpa=2 > > I would not add this unless someone can come up with a realistic use > case for this. > _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
