Jouni Malinen a écrit :
On Mon, Feb 15, 2010 at 11:41:05PM +0100, Benoit PAPILLAULT wrote:
Right. This patch disable replay protection. RSN is indeed the
correct solution, but it's out of reach for me (no time, no skills).
As such, I thought that WPA-NONE could be useful in the interim.
I do not think it is acceptable to introduce anything that disables
replay protection.
I know but WPA-NONE is what is implemented in some commercial products...
Jouni : I would appreciate your input here. What's the status of
IBSS RSN? How much time/skills would be required to implement it?
The key management side (4-way handshakes) should all be in place now
and the main missing part is in being able to configure all the GTKs
(one per peer) and use the GTKs properly (i.e., match the key per addr2
when addr1 is broadcast/multicast). A good initial step would be to
hardcode mac80211 to use software encryption and extend that to support
multiple GTKs. Once that is working, we can see whether some of the
drivers would be able to do CCMP in hardware for such key configuration.
Ah. That's very good news! So wpa_supplicant is already OK and the only
changes needed is in mac80211 then? and it's related to the GTK use?
Could you point to me to a sample wpa_supplicant configuration file so I
can try that out.
Thanks for the information.
Regards,
Benoit
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
