On Tue, May 09, 2017 at 01:42:32PM +0200, Jaap Keuter wrote: > As described above, interop tests were done with wpa_supplicant only (with and without this patch applied), because of lack of other MKA capable equipment. > > So, if you feel this change is too risky, I can understand you dropping it, although it would implement the standard as intended, IMHO. > If anyone has an informed opinion on this I would be interested. I ended up applying this now. That said, have no means of testing this myself with other implementations and I have not heard of any clear indication that this would work with devices that have been deployed so far. Anyway, I do agree that the IEEE 802.1X standard is pretty clear on the receiver requirements, so from that view point, everything out there is supposed to be able to process the ICV without the separate set parameters header. It would be nice to hear if anyone has a chance to test the current hostap.git snapshot of wpa_supplicant against some other implementations. There's been number of MKA/MACsec changes in the code recently since I finally implemented hwsim test cases to cover most of this functionality and felt more confident about applying the pending patches and other cleanup and fixes that came from my own review of the implementation. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
