On Mon, Mar 17, 2008 at 12:57 PM, Johannes Berg <johannes@xxxxxxxxxxxxxxxx> wrote: > > > Actually, you're making it look like a much larger problem than it is. > > > If you assume anything WEP is a "static key" and everything else is a > > > "dynamic key" (using your terminology), the only problem will be with > > > dynamic WEP, and even then it's not really a problem because as far as I > > > understand even dynamic WEP doesn't distinguish between group and > > > pairwise keys. > > > > This is incorrect. WPA enable using WEP as dynamic key and this > > setting is very common. > > WEP key is enabled for legacy stations this force also broadcast to be > > WEP. This setup is still quite common. > I have no idea about WPA's non-IEEE modes. I don't seem to be able to > find such a thing in the IEEE spec so you'll have to actually elaborate > on this. Actually I've misled you a bit. This is defined by IEEE 802.11i in section TSN Transition Security Network. Where legacy WEP-only STA and RSN-enabled station can coexists. In this case Legacy stations use static WEP key and RSN enabled station uses more advanced security setting. RSN enabled station will be configured with WEP as a group cipher (spec name) Here is a quote from the spec.. there is much more about it it's a bit spread in the spec. 3.123 Transition Security Network (TSN): A Security Network which allows the creation of Pre-Robust Security Network Associations as well as Robust Security Network Associations. A TSN can be identified by the indication in the RSN IE of Beacons that the group cipher suite in use is WEP. > > > > Note that there's another case in AP mode where bc/mc keys are TX-only, > > > those are added with a zeroed MAC address. > > I would prefer also in this case a clear flag rather then playing with > > ambiguity of destination address. On second thought is that AP has only TX group key while STA has only RX group key so I m not seeing here any need for flag. > > Yes, that would indeed help. Except that WEXT can't actually give you > the distinction so discussing these points right now is pretty moot when > we can't even do it properly as far as I can tell. Might be possible to > infer the information with the key management enabled flag thing... You have encode ioctl which is called only for static/legacy WEP or you use CIPHER_NONE for when using encodeext For WEP in Pairwise and Group Key you use WEP40/104 /* IW_AUTH_PAIRWISE_CIPHER and IW_AUTH_GROUP_CIPHER values (bit field) */ #define IW_AUTH_CIPHER_NONE 0x00000001 #define IW_AUTH_CIPHER_WEP40 0x00000002 #define IW_AUTH_CIPHER_TKIP 0x00000004 #define IW_AUTH_CIPHER_CCMP 0x00000008 #define IW_AUTH_CIPHER_WEP104 0x00000010 It's not well defined in wext but we can at least define the interface from mac80211 point of view. Thanks Tomas -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html