On Mon, Jun 20, 2016 at 09:51:28AM +0900, Masashi Honma wrote: > On 2016年06月18日 18:11, Jouni Malinen wrote: > Yes. This patch breaks backward compatibility. > I do not have smart idea to avoid also. > I will create new define like this. > CONFIG_MAC80211_MESH_GROUP_ADDRESSED_PRIVACY Do we really want that? Group addressed privacy is what the standard requires to be used with mesh and if we make it build time configurable, we'll just end up with two different implementation that will never interoperate with each other.. I don't really see any better option for this apart from fixing this and requiring all STAs in a secure mesh to be updated in synchronized manner. This way it will be a one time issue, but that won't be there forever. If something is needed to for temporary backwards compatibility support, that should be something that can be enabled at runtime (and be disabled by default). That said, I'm not sure I'd go with that extra complexity taken into account how badly (i.e., completely incorrectly) the PMF case was implemented in wpa_supplicant. I'm not planning on adding any backwards compatibility mode there for due to the previous behavior not really being good from security view point either (using the same key with two different algorithms). -- Jouni Malinen PGP id EFC895FA -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
