On Sat, Jan 04, 2020 at 11:10:15PM +0100, Alexander Wetzel wrote:
> Change the default keyid to 1 for the first pairwise key when using
> Extended Key ID. This shifts potential problems to the initial connect.
>
> Without that broken STAs accidentally claiming to be compatible with
> Extended Key ID would work at the initial connect and only fail when the
> connection is rekeyed.

While this sounds like a nice idea, I'm afraid this will guarantee
interoperability issues with deployed stations and as such, cannot
really be done by default. Maybe change the wpa_extended_key_id config
parameter to have three values: 0=disabled, 1=enabled with Key ID 0 used
first, 2=enabled with Key ID 1 used first.

The main issue with deployed stations is that there are a number of known
implementations that copy RSN Capabilities values from the AP's RSNE to
Association Request frame and by doing so, negotiate various things they
do not actually support.

--
Jouni Malinen                                            PGP id EFC895FA