Re: [Patch v9 03/16] wpa_supplicant: Address PTK rekey issues

On Sat, Jan 04, 2020 at 11:10:02PM +0100, Alexander Wetzel wrote:
> Rekeying a pairwise key using only keyid 0 (PTK0 rekeys) has many broken
> implementations and should be avoided for both security and usability
> reasons.
> 
> Add the new configuration option "wpa_deny_ptk0_rekey" - defaulting to
> replace any PTK0 rekey attempt with a fast reconnect.

I don't think it is appropriate to force disconnections by default for
all existing systems. It would seem fine to provide an option to
explicitly request such behavior, but this by-default behavior looks
like too drastic an approach to take when there are multiple drivers that
have over the years added various workarounds to avoid many of the issues
for most common cases.

-- 
Jouni Malinen                                            PGP id EFC895FA
