[PATCH 09/11] P2PS: Authorize any peer for p2ps method

Jouni Malinen j
Sun Jul 26 11:32:28 PDT 2015


On Mon, Jul 13, 2015 at 09:49:15AM +0300, Ilan Peer wrote:
> When P2PS PD with default P2PS method is done, the peer that becomes GO
> should authorize the client. However, P2PS spec doesn't require the client
> to include its intended interface address in PD request/response.
> As a result the P2P client's address couldn't be known, so the only possible
> option is to authorize ANY.
> Previously, client's device address was used for authorization, which is
> not correct when a dedicated interface is used for p2p client.
> This does not result in a connection failure; however, it causes a
> significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses).
> Fix this by authorizing ANY.

This does not sound desirable. Why wouldn't this be done using P2P
Device Address instead? If (and only if) the intended interface address
is not known, the WPS element could advertise wildcard MAC address for
the Enrollee, but WPS Registrar should not allow any other device to
connect.

-- 
Jouni Malinen                                            PGP id EFC895FA
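
The three options discussed in this thread, as an added example that is not part of either message and is not hostap code. It is a simplified model: the struct, the function names, the sample addresses and the client-side matching rule are all assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_ALEN 6
static const uint8_t wildcard_mac[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

/* Hypothetical model of what a GO holds for the peer it authorized. */
struct authorized_peer {
    uint8_t advertised[ETH_ALEN];   /* Enrollee address put in the WPS element */
    uint8_t p2p_dev_addr[ETH_ALEN]; /* known from the P2PS PD exchange */
    bool enforce_dev_addr;          /* false models "authorize ANY" */
};

/* Client side (assumed rule): proceed at once if the element names us or is wildcard. */
static bool client_proceeds(const struct authorized_peer *p, const uint8_t *iface)
{
    return memcmp(p->advertised, wildcard_mac, ETH_ALEN) == 0 ||
           memcmp(p->advertised, iface, ETH_ALEN) == 0;
}

/* Registrar side: which device may complete WPS provisioning. */
static bool registrar_accepts(const struct authorized_peer *p, const uint8_t *dev)
{
    return !p->enforce_dev_addr || memcmp(p->p2p_dev_addr, dev, ETH_ALEN) == 0;
}

/* Constructed sample addresses, not taken from the thread. */
static const uint8_t peer_dev[ETH_ALEN]   = { 0x02, 0, 0, 0, 0x01, 0x00 };
static const uint8_t peer_iface[ETH_ALEN] = { 0x02, 0, 0, 0, 0x01, 0x01 };
static const uint8_t other_dev[ETH_ALEN]  = { 0x02, 0, 0, 0, 0x02, 0x00 };

/* kind 0: device address advertised (previous behaviour); 1: authorize ANY;
 * 2: wildcard advertised, P2P Device Address still enforced by the Registrar. */
static struct authorized_peer make_policy(int kind)
{
    struct authorized_peer p = { .enforce_dev_addr = (kind != 1) };
    memcpy(p.p2p_dev_addr, peer_dev, ETH_ALEN);
    memcpy(p.advertised, kind == 0 ? peer_dev : wildcard_mac, ETH_ALEN);
    return p;
}

int main(void)
{
    for (int kind = 0; kind < 3; kind++) {
        struct authorized_peer p = make_policy(kind);
        printf("policy %d: client proceeds=%d, other device accepted=%d\n", kind,
               client_proceeds(&p, peer_iface), registrar_accepts(&p, other_dev));
    }
    return 0;
}
```

Only the third policy both avoids the mismatch with the client's dedicated interface address and keeps other devices from being accepted.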


