On Mon, Nov 28, 2022 at 01:36:12PM +0100, Eliot Lear wrote: > Forgive my confusion, but the code above what you quoted indicates that > clearly we are providing a conf result, which means that we are the > configurator and we have already authenticated the peer with the public key > from the enrollee's qrcode. Am I misusing / misinterpreting the struct? The local device being a Configurator and providing a configuration is accurate, but that does not mean that the peer device (Enrollee) has been authenticated from its QR Code. While the case of a Configurator scanning a QR Code and initiating the DPP exchange is a common one, it is not the only one supported by the protocol. The Configurator/Enrollee role is independent from the Initiator/Responder role. It is also possible for the Enrollee to scan a QR Code from the Configurator and initiate the protocol. In that sequence, the Configurator has not scanned any QR Code and is not really authenticating the Enrollee; it is just confirming that the Enrollee has been able to scan a specific QR Code. This might be used, e.g., for public hotspot access in a cafe. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
