On Wed, Aug 25, 2021 at 8:49 AM Jouni Malinen <j@xxxxx> wrote: > > What's the use case for this change? For my use case setting pmf=1 globally and leaving ieee80211w unset on the explicit network configurations does allow this code to connect to an optional network without PMF. I simply expected the explicit ieee80211w=1 would behave the same as the global pmf=1 setting in my case but instead it fails "to configure IGTK to the driver". > I'm not completely sure about the nl80211 cases since the BIP cipher > suite support indication might have been added later than the initial > PMF implementation. This may have resulted in there being no strict > rejection of BIP configuration with drivers that do not have explicit > indication for it in the supported ciphers list. Thank you for the insight. I had not thought of a driver supporting PMF without indicating support for BIP. > As such, it may be a > bit difficult to do this type of a change in wpa_supplicant without the > kernel interface(s) changing first to explicitly indicate whether PMF is > supported. This is likely out of the scope of my current needs. Additionally, that would require adding the explicit interface to non-nl80211 drivers as well wouldn't it? Thank you for clarifying the reasons behind these differences. Jeff _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
