On Mon, Jan 07, 2019 at 10:01:44AM +0100, Michał Kazior wrote:
> I don't really have a strong case for using PMK other than it's just
> convenient and straightforward.
>
> I'm mostly okay with a key identifier though. I'll rework it and re-spin.

Thanks.

> Does space-separated key=value list (with = being forbidden in
> key/value strings) sound good? Or do you see the need for escaping to
> allow expressing these characters? And if so, do you have any
> preference about escaping logic?

I think it's fine to keep this simpler and not require escaping some
characters.

> > The use case I'm mostly thinking about here is an extension of this to
> > allow VLAN binding based on the "keyid", e.g., in the form of VLAN ID or
> > a netdev ifname.
>
> You mean to have something like `keyid=pwd0 vlan_ifname=wlan0sta1
> vlan_bridge=br2 00:11:22:33:44:55 secretpassphrase`? That would
> technically make sense even without wpa, wouldn't it? It sounds like a
> more generic attribute list with flexible matching. Maybe kind of like
> udev rules. Not sure if it's worth making it that complex though.

I'm not sure I thought about hostapd handling that internally, but
rather, having some external component look for the events and assign
parameters to STA filtering/routing/etc. based on the "keyid" values
which might actually be shared by multiple keys, so it would be more
of a group rather than an identifier of a specific key.

No need to make this any more complex than the currently identified real
use cases require, though. vlan ifname/bridge is already available
through other means, so this should probably not try to override those
with a completely different mechanism (if someone is interested in
extending hostapd to do these VLAN configurations internally based on
the used PSK or "keyid" group).

--
Jouni Malinen                                            PGP id EFC895FA
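
The line format discussed in this thread, as an added example that is not part of the original message and not hostapd's own code: a Python parser for space-separated key=value attributes without escaping, followed by a MAC address and passphrase, plus the grouping of stations by a shared "keyid" that an external component could use. The field order follows the line quoted in the message; the function names, the 8..63 character passphrase check and the sample entries are assumptions made for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")

# Constructed sample entries (not taken from any real configuration).
SAMPLE = [
    "# comment line",
    "keyid=guests 00:11:22:33:44:55 secretpassphrase",
    "keyid=guests 00:11:22:33:44:66 another pass=phrase",
    "00:11:22:33:44:77 no-keyid-entry",
]


def parse_psk_line(line):
    """Parse '[key=value ...] <MAC> <passphrase>' into (attrs, mac, passphrase)."""
    attrs = {}
    rest = line.rstrip("\r\n").lstrip()
    while True:
        token, _, tail = rest.partition(" ")
        if "=" not in token:
            break  # a MAC address never contains '=', so attributes end here
        key, value = token.split("=", 1)
        # No escaping: '=' and spaces cannot appear inside a key or a value.
        if not key or not value or "=" in value:
            raise ValueError(f"malformed attribute: {token!r}")
        if key in attrs:
            raise ValueError(f"duplicate attribute: {key!r}")
        attrs[key] = value
        rest = tail.lstrip(" ")
    mac, _, passphrase = rest.partition(" ")
    if not MAC_RE.match(mac):
        raise ValueError(f"expected MAC address, got {mac!r}")
    # The passphrase is the rest of the line, so it may hold spaces and '='.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    return attrs, mac.lower(), passphrase


def group_by_keyid(lines):
    """Map keyid -> set of MACs; several keys may share one keyid (a group)."""
    groups = defaultdict(set)
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        attrs, mac, _ = parse_psk_line(line)
        groups[attrs.get("keyid")].add(mac)  # None = entry without a keyid
    return dict(groups)
```
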