On 10/6/2022 4:41 PM, Johannes Berg wrote:
Right, but is there a fundamental difference between "hey I roamed to this AP MLD with links 1, 2 and 5" (with the right BSSIDs for the links etc.) and "hey I roamed to this AP MLD and I tried links 1, 2, 3, 4, 5 but only 1, 2 and 5 were established" ?
supplicant must validate MLO Link KDEs(includes RSNE and RSNXE) for all the negotiated links but MLO GTK/IGTK/BIGTK only for accepted links while processing 3/4 msg.
So, during roaming if EAPOL 4HS is offload to supplicant it should know the requested and accepted links information.
non-AP MLD needs to select common AKM across all the links. The MLO Link KDEs validation helps to avoid downgrade attacks.
- veeru
