On Thu, Dec 26, 2024 at 06:01:24PM -0500, Alan DeKok wrote: > TEAP no longer supports a PAC: > > https://datatracker.ietf.org/doc/html/draft-ietf-emu-rfc7170bis-19#section-4.2.12 > > ... > [RFC7170] defined a Protected Access Credential (PAC) to mirror EAP-FAST [RFC4851]. However, implementation experience and analysis determined that the PAC was not necessary. Instead, TEAP performs session resumption using the NewSessionTicket message as defined in [RFC9190] Section 2.1.2 and Section 2.1.3. As such, the PAC TLV has been deprecated. > > As the PAC TLV is deprecated, an entity receiving it SHOULD send a Result TLV indicating failure, and an Error TLV of Unexpected TLVs Exchanged. > ... Taken into account limited deployment of TEAP (and no deployment that could have really been compliant with RFC7170), that would seem to imply that wpa_supplicant changes should really go much further than this particular change of not complaining about missing PAC in local configuration.. > I've attached an updated patch with that change. Thanks, applied. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
