Jouni Malinen j
Wed Jun 6 05:18:42 PDT 2012

On Mon, Jun 04, 2012 at 04:01:43AM +0000, Spinadel, David wrote:
> According to the WSC spec (version 2, January 5, 2010, chapter 9) it looks like WEP shouldn't be supported by WPS.
> This requirement is accomplished by wpa_supplicant enrollee: after processing message 8, it checks the encryption type (in wps_process_creds_e()) and refuses APs that support WEP encryption.
> But in registrar, it doesn't check for encryption type, and allows connection to WEP protected network. Is it right? Should it be changed in some way?

The registrar part assumes that upper layer functionality in the system
would not allow user to request WEP configuration to be selected. That
said, if wps_reg command is used to just learn the current AP
configuration, it could be fine to reject the AP settings if WEP is

> In addition, the WPS glue layer, in wpa_supplicant_wps_cred(), it looks like wpa_supplicant configuration supports WEP or TKIP encryption. Isn't it redundant?

It is still possible to build wpa_supplicant for WPS 1.0 functionality
where at least the TKIP configuration could potentially make some sense.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list