On Wed, 2009-01-07 at 17:30 +0200, Jouni Malinen wrote: > Sure. Enabling optional MFP automatically whenever driver/hw supports it > would be nice (there is a separate policy selection of requiring MFP and > that's something that users will need to configure if they want it). Indeed > For > this feature, I would be fine having the optional-MFP configuration in > wpa_supplicant mean that it will be disabled if driver does not support > it, i.e., NM would not actually need to care and it could just always > set ieee80211w=1 in wpa_supplicant configuration (or well, at this > point, it would need to care a bit since wpa_supplicant would reject the > configuration if it was not built with 802.11w support, but that is > probably fine when done over dbus and not config file). Right. > As far as wpa_supplicant is concerned, I can make it determine this by > trying to enable MFP mode at startup to figure out whether the driver is > capable, so there is no need to add an explicit capability flag for this > if we do not want to modify WEXT. Makes sense, yeah. > For nl80211, we can add capability > flag for MFP and then driver_nl80211.c can skip this validation step. Would be nice to be able to print it out in iw, just for information. > However, we would still need to add a driver-mac80211 flag for > indicating whether the driver supports MFP. Right, and once we have that the polarity of this key flag doesn't matter at all, though I suspect there are much fewer drivers that will be able to support it in hardware. johannes
Attachment:
signature.asc
Description: This is a digitally signed message part
