From: Johannes Berg <johannes@sipsolutions.net>
To: Jouni Malinen <j@w1.fi>
Cc: "John W. Linville" <linville@tuxdriver.com>,
linux-wireless@vger.kernel.org,
Jouni Malinen <jouni.malinen@atheros.com>
Subject: Re: [PATCH 12/14] mac80211: 802.11w - Optional software CCMP for management frames
Date: Wed, 07 Jan 2009 13:47:08 +0100 [thread overview]
Message-ID: <1231332428.3545.33.camel@johannes> (raw)
In-Reply-To: <20090107122427.GA20019@jm.kir.nu>
[-- Attachment #1: Type: text/plain, Size: 1538 bytes --]
On Wed, 2009-01-07 at 14:24 +0200, Jouni Malinen wrote:
> I did consider this, but could not convince myself that drivers would be
> expected to work without some testing and likely changes..
Ok, I guess in that case it doesn't really matter much, though it'd be
good to not randomly associate to an AP that has MFP enabled when we
don't know the hardware can handle it.
I know, for example, that Broadcom hardware can handle it just fine when
done in software, but I'm pretty sure it cannot handle it in hardware
crypto...
> I do not care
> that much which way this is, so if you want this to be inverted, that's
> fine, too. I might even go as far as adding an explicit capability flag
> that drivers will need to set to claim MFP support and export this to
> userspace so that hostapd/wpa_supplicant could refuse the configuration
> early. With that kind of flag, inverting this key flag does not get much
> since the drivers would need to be changed anyway for MFP to work in
> every case.
You seem to be concerned only about AP mode, while I'm not much
concerned about that, there it's always tested explicitly by the person
setting up the AP, but someone who's just using STA mode would now
suddenly potentially run into problems when using an AP that is
MFP-enabled, no?
Hence, I think adding an explicit flag (whether it needs to be exported
to userspace I don't know) would probably be good so if the driver/hw
really cannot handle MFP at all then we don't associate using it, no?
johannes
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2009-01-07 12:46 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-01-07 11:23 [PATCH 00/14] mac80211: IEEE 802.11w (management frame protection) Jouni Malinen
2009-01-07 11:23 ` [PATCH 01/14] mac80211: 802.11w - STA flag for MFP Jouni Malinen
2009-01-07 11:23 ` [PATCH 02/14] mac80211: 802.11w - CCMP for management frames Jouni Malinen
2009-01-07 11:23 ` [PATCH 03/14] mac80211: 802.11w - Add BIP (AES-128-CMAC) Jouni Malinen
2009-01-07 11:23 ` [PATCH 04/14] mac80211: 802.11w - Use " Jouni Malinen
2009-01-07 11:23 ` [PATCH 05/14] mac80211: 802.11w - WEXT parameter for setting mgmt cipher Jouni Malinen
2009-01-07 11:23 ` [PATCH 06/14] mac80211: 802.11w - WEXT configuration for IGTK Jouni Malinen
2009-01-07 11:23 ` [PATCH 07/14] mac80211: 802.11w - Configuration of MFP disabled/optional/required Jouni Malinen
2009-01-07 11:23 ` [PATCH 08/14] mac80211: 802.11w - SA Query processing Jouni Malinen
2009-01-07 11:23 ` [PATCH 09/14] mac80211: 802.11w - Do not force Action frames to disable encryption Jouni Malinen
2009-01-07 11:23 ` [PATCH 10/14] mac80211: 802.11w - Drop unprotected robust management frames if MFP is used Jouni Malinen
2009-01-07 11:23 ` [PATCH 11/14] mac80211: 802.11w - Implement Association Comeback processing Jouni Malinen
2009-01-07 11:23 ` [PATCH 12/14] mac80211: 802.11w - Optional software CCMP for management frames Jouni Malinen
2009-01-07 12:08 ` Johannes Berg
2009-01-07 12:24 ` Jouni Malinen
2009-01-07 12:47 ` Johannes Berg [this message]
2009-01-07 14:09 ` Jouni Malinen
2009-01-07 15:09 ` Johannes Berg
2009-01-07 15:30 ` Jouni Malinen
2009-01-07 15:37 ` Johannes Berg
2009-01-07 16:33 ` Jouni Malinen
2009-01-07 16:37 ` Johannes Berg
2009-01-08 9:57 ` Helmut Schaa
2009-01-08 10:48 ` Jouni Malinen
2009-01-08 12:08 ` Helmut Schaa
2009-01-08 12:18 ` Jouni Malinen
2009-01-08 12:25 ` Johannes Berg
2009-01-08 12:29 ` Helmut Schaa
[not found] ` <226823.3656.qm@web57008.mail.re3.yahoo.com>
2009-01-08 12:44 ` [patch] vif_conf.patch failed to patch git wireless-testing (07-01-2009) Jouni Malinen
2009-01-07 11:23 ` [PATCH 13/14] ath9k: Fix set_key error codes Jouni Malinen
2009-01-07 11:24 ` [PATCH 14/14] ath9k: Setup MFP options for CCMP Jouni Malinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1231332428.3545.33.camel@johannes \
--to=johannes@sipsolutions.net \
--cc=j@w1.fi \
--cc=jouni.malinen@atheros.com \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).