On Sat, Jan 04, 2020 at 11:10:02PM +0100, Alexander Wetzel wrote: > Rekeying a pairwise key using only keyid 0 (PTK0 rekeys) has many broken > implementations and should be avoided for both security and usability > reasons. > > Add the new configuration option "wpa_deny_ptk0_rekey" - defaulting to > replace any PTK0 rekey attempt with a fast reconnect. I don't think it is appropriate to force disconnections by default for all existing systems. It would seem fine to provide an option to explicitly request such behavior, but this by-default-behavior looks like a too drastic approach to take when there are multiple drivers that have over years added various workarounds to avoid many of the issues for most common cases. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap