On Tue, 10 Jul 2018 at 12:16, Denis Kenzior <denkenz@xxxxxxxxx> wrote:
> I think we had this conversation before. Up to 802.11-2012, PTK Rekey
> was not really explicitly mentioned as possible. There were hints and
> stuff, but no explicit language.
>
> I think in 802.11-2016 they finally explicitly say that this is possible.
>
> However, we seem to have networks that perform PTK Rekey and even full
> 802.1X re-auth every hour (eduroam for example). How is this working?
> Or is it a case of it not always working?

It's ... buggy.

Right now I'm hitting race conditions (which someone is actively working
on now, yay!) where frames are going out in a narrow window between the
hardware key being rekeyed (and the RX PN being set to 0) and an older
frame going out with a larger PN with the new key. The receiver sees the
frame with the old, large PN but the new key and .. well, subsequent
traffic hangs.

I know it's buggy on ath9k (what we're using at work.) ath10k seems to
fare better - it at least is doing key programming and PN assignment in
firmware, so it has a chance to keep it in sync.

-adrian
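
The stall described in the message above can be reproduced with a small model of a receiver's replay check. This is an added example, not code from the thread or from any driver; the struct and function names are hypothetical and the check is simplified to "accept only a strictly increasing PN per key".

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified receiver state for one pairwise key (constructed model). */
struct rx_key {
    int      key_gen;  /* PTK generation currently installed */
    uint64_t rx_pn;    /* highest PN accepted under this key */
};

/* Rekey: install the new key and reset the replay counter to 0. */
static void rx_rekey(struct rx_key *k, int new_gen)
{
    k->key_gen = new_gen;
    k->rx_pn = 0;
}

/* CCMP-style replay check: accept only a strictly increasing PN.
 * Returns 1 if the frame is accepted, 0 if it is dropped. */
static int rx_frame(struct rx_key *k, int key_gen, uint64_t pn)
{
    if (key_gen != k->key_gen)
        return 0;          /* encrypted with another key: decrypt fails */
    if (pn <= k->rx_pn)
        return 0;          /* looks like a replay */
    k->rx_pn = pn;
    return 1;
}

/* Count how many of n fresh post-rekey frames (PN 1..n) are dropped.
 * stale_pn != 0 models the race: one frame carrying the old, large PN
 * but encrypted with the new key reaches the receiver first. */
static int dropped_after_rekey(uint64_t stale_pn, int n)
{
    struct rx_key k = { .key_gen = 1, .rx_pn = 0 };
    int dropped = 0;

    rx_rekey(&k, 2);
    if (stale_pn)
        rx_frame(&k, 2, stale_pn);  /* accepted, rx_pn jumps to stale_pn */
    for (int i = 1; i <= n; i++)
        dropped += !rx_frame(&k, 2, (uint64_t)i);
    return dropped;
}

int main(void)
{
    printf("clean rekey: %d of 100 dropped\n", dropped_after_rekey(0, 100));
    printf("raced rekey: %d of 100 dropped\n", dropped_after_rekey(5000, 100));
    return 0;
}
```

In this model the link only recovers once the transmitter's new PN sequence climbs past the stale value, which is why assigning the PN and programming the key in one place keeps the two in sync.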