Getting started with HS20 r2 (OSU client/server and such?)

Jouni Malinen j
Sun Mar 22 10:07:09 PDT 2015

On Sat, Mar 21, 2015 at 08:46:29AM -0700, Ben Greear wrote:
> But, any reason to not add these certs to hostapd/hs20/server/ca and allow
> to use them when generating keys with command-line arg?  I figure if we can make
> it somewhat easy to set up some HS20 test services then it should be good for anyone
> trying to actually implement HS20 properly on the station side.  Looks to me like
> there is quite a bit of work to be done by projects like NetworkManager and such?

I'm not sure I understood what you are thinking of here.. The
hs20/server/ca scripts build a full Hotspot 2.0 PKI, including the root
CA, for testing use. The three trust roots used in production would do
nothing here since obviously the private keys for those are not
available and the only way to get OSU server certificate signed would be
by contacting one of the CA vendors.

As far as enabling support for OSU in NetworkManager is concerned, that
does not sound very useful in the near future. There are no known
deployments of OSU nor am I aware of anyone even planning of deploying
this. Adding support for configuring credentials for Hotspot 2.0 is
another story and that would be of use even today. That does not need
any of these OSU certificates. Should someone actually deploy an OSU
server, there could be some more interest in trying to make this easier
to use.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list