Re: [PATCH 5/8] STA: Support Extended Key ID


 



On Sun, Mar 22, 2020 at 08:16:56PM +0200, Jouni Malinen wrote:
> That design is broken and should be ignored. Extended Capabilities
> element is not protected and the bits in it should certainly not
> override the protected exchange of Key ID KDE in EAPOL-Key msg 3/4.

Oops.. Clearly I don't remember where that bit is.. It was added in
RSNE, not Extended Capabilities element, so it will be protected.

> IMHO, it is perfectly fine and correct to not comply with that
> statement. This full text is pretty descriptive instead of using clearly
> normative language.. Anyway, I'll try to get this fixed in REVmd to use
> the presence of Key ID KDE as the rule for the station side and also add
> an explicit requirement for the AP to include Key ID KDE in msg 3/4
> whenever using Extended Key ID (i.e., also require it to be there for Key
> ID 0 case). I did not see such an explicit requirement in the standard.

It would seem to make more sense to use Key ID KDE as the rule here, but
it is not really that critical, taking into account that the RSNE
capability bit should really be used consistently.
 
-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap


