Re: [Patch v9 02/16] AP: Address PTK rekey issues

On Sat, Jan 04, 2020 at 11:10:01PM +0100, Alexander Wetzel wrote:
> Rekeying a pairwise key using only keyid 0 (PTK0 rekeys) has many broken
> implementations and should be avoided for both security and usability
> reasons.
> The effects can be triggered by either end of the connection and range
> from hardly noticeable disconnects over long connection freezes up to
> leaking clear text MPDUs which can be used to calculate the outgoing PTK.
> 
> To avoid the issues replace PTK0 rekeys by default with disconnects and
> add the new option "wpa_deny_ptk0_rekey" to let the user control the
> behavior.

I don't think it is appropriate to force disconnections by default for
all existing systems. It would seem fine to provide an option to
explicitly request such behavior, but this by-default-behavior looks
like a too drastic approach to take when there are multiple drivers that
have over years added various workarounds to avoid many of the issues
for most common cases.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


