On Sat, Jan 04, 2020 at 11:10:12PM +0100, Alexander Wetzel wrote: > IEEE 802.11ai-2016 is missing any instructions how to handle FILS in > combination with Extended Key ID. There are two obvious ways: > > 1) FILS connections can only use keyid 0 and the STAs decide on rekey > if they can use Extended Key ID or not. > > 2) FILS also checks if Extended Key ID can be used by both STAs and > adds the KeyID KDE - when it's used - to the FILS handshake. > > The latter seems to be closer to the intent of 802.11ai and since there > are no other implementations for Extended Key ID we could become > incompatible to this patch implements option 2) for now. This should be brought up for discussion in the currently ongoing IEEE 802.11 TGmd maintenance effort that will be updating IEEE Std 802.11-2016 and bringing in the IEEE Std 802.11i-2016 amendment into the same document. For the time being, I'd likely go with option of not using Extended Key ID at all with FILS if there is any risk of not coming up with an interpretation of the standard that everyone would agree with. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap