From: Jouni Malinen <j@w1.fi>
To: Benoit PAPILLAULT <benoit.papillault@free.fr>
Cc: Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org
Subject: Re: [PATCH 1/2] mac80211: Ignore replay for IBSS interfaces
Date: Tue, 16 Feb 2010 09:46:02 +0200 [thread overview]
Message-ID: <20100216074602.GA19876@jm.kir.nu> (raw)
In-Reply-To: <4B79CD81.3090300@free.fr>
On Mon, Feb 15, 2010 at 11:41:05PM +0100, Benoit PAPILLAULT wrote:
> Right. This patch disable replay protection. RSN is indeed the
> correct solution, but it's out of reach for me (no time, no skills).
> As such, I thought that WPA-NONE could be useful in the interim.
I do not think it is acceptable to introduce anything that disables
replay protection.
> Jouni : I would appreciate your input here. What's the status of
> IBSS RSN? How much time/skills would be required to implement it?
The key management side (4-way handshakes) should all be in place now
and the main missing part is in being able to configure all the GTKs
(one per peer) and use the GTKs properly (i.e., match the key per addr2
when addr1 is broadcast/multicast). A good initial step would be to
hardcode mac80211 to use software encryption and extend that to support
multiple GTKs. Once that is working, we can see whether some of the
drivers would be able to do CCMP in hardware for such key configuration.
--
Jouni Malinen PGP id EFC895FA
next prev parent reply other threads:[~2010-02-16 7:46 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-14 23:32 [PATCH 1/2] mac80211: Ignore replay for IBSS interfaces Benoit Papillault
2010-02-14 23:32 ` [PATCH 2/2] mac80211: Fix WPA-NONE for RX unicast frames Benoit Papillault
2010-02-15 9:24 ` Johannes Berg
2010-02-15 9:22 ` [PATCH 1/2] mac80211: Ignore replay for IBSS interfaces Johannes Berg
2010-02-15 22:41 ` Benoit PAPILLAULT
2010-02-16 7:46 ` Jouni Malinen [this message]
2010-02-16 20:34 ` Benoit PAPILLAULT
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100216074602.GA19876@jm.kir.nu \
--to=j@w1.fi \
--cc=benoit.papillault@free.fr \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).