[PATCH 09/11] P2PS: Authorize any peer for p2ps method

Andrei Otcheretianski andrei.otc
Tue Jul 28 03:25:28 PDT 2015


On Sun, Jul 26, 2015 at 9:32 PM, Jouni Malinen <j at w1.fi> wrote:
> On Mon, Jul 13, 2015 at 09:49:15AM +0300, Ilan Peer wrote:
>> When P2PS PD with default P2PS method is done, the peer that becomes GO
>> should authorize the client. However, P2PS spec doesn't require the client
>> to include its intended interface address in PD request/response.
>> As a result the P2P client's address couldn't be known, so the only possible
>> option is to authorize ANY.
>> Previously, client's device address was used for authorization, which is
>> not correct when a dedicated interface is used for p2p client.
>> This is not resulting in a connection failure, however it causes a
>> significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses).
>> Fix this by authorizing ANY.
>
> This does not sound desirable. Why wouldn't this be done using P2P
> Device Address instead? If (and only if) the intended interface address
> is not known, the WPS element could advertise wildcard MAC address for
> the Enrollee, but WPS Registrar should not allow any other device to
> connect.

How the intended address can be known at all? P2PS spec doesn't
require from the client to add it's intended address.
In fact (if I understand the spec. correctly), even if the potential
client adds it during PD it means "the address of the GO"
and if this device eventually becomes a client, it doesn't obligated
to use this address.
For me this looks like a hole in the spec.
Is there any other way to deduct the client's interface address that
I'm missing?

Regarding the WPS Registrar validations - this is something that can
be done in a separate patch, but currently there is no validation
flows at all
on the registrar. But why is this needed?

Andrei

>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap



More information about the Hostap mailing list