802.1X-2010 compliance

Badrish Adiga H R badrish.adigahr at gmail.com
Wed Feb 24 02:00:28 PST 2016


Hi Jouni,

Many thanks for replying. Since 802.1X-2010 compliance is mandatory
for my requirement, I am planning to make EAPOL state machine
implementation of hostap to be compliant to 2010 standard and I have
some questions regarding this.

1. After comparing EAPOL state machines of 802.1X-2004 & 802.1X-2010,
I noticed that, some intermediate states are removed in 2010 standard.
Is this to solve some vulnerabilities of 802.1X-2004 standard or to
make the state machine simple? If state machine definition is changed
to just to make it simple, I think, we can still retain the existing
state machine implementation of hostap.
2. 802.1X-2010 standard does not talk about EAPOL back-end state
machine. So I believe, I can retain the implementation of back-end
state machine of hostap as is. Correct me If I am wrong here.

Regards,
Badrish

On Tue, Feb 23, 2016 at 4:04 PM, Jouni Malinen <j at w1.fi> wrote:
> On Tue, Feb 23, 2016 at 11:35:16AM +0530, Badrish Adiga H R wrote:
>> are EAPOL & EAP state machine implementations in hostapd &
>> wpa_supplicant 802.1X-2010 compliance. If no, what extra we might have
>> to implement to be compliant to mandatory requirements of IEEE
>> 802.1X-2010 standard?
>
> The main EAPOL implementation used in hostapd and wpa_supplicant
> (src/eapol_auth/* and src/eapol_supp/*) is actually based on IEEE Std
> 802.1X-2004, not the 2010 version. Only the MACsec related supplicant
> side implementation in src/pae/* is based on the 2010 version.
>
> --
> Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list