[RFC 5/6] hostap: add UDP support for ctrl iface

Alan DeKok aland at deployingradius.com
Thu Jan 14 11:58:07 PST 2016


On Jan 14, 2016, at 12:49 PM, Peter Oh <poh at codeaurora.org> wrote:
> 
> 
> On 01/14/2016 05:19 AM, Janusz Dziedzic wrote:
>> Add UDP support for ctrl interface.
> can you add more details such as why we need it?

  Even if it's needed, there's essentially no security on the UDP packets.  I don't see a static and *clear-text* cookie as offering any security.

  The protocol should at the minimum include randomness, so that packets can't be replayed.  And the entire contents should be authenticated, ideally with an HMAC construct.

  Or, just use TCP and TLS for the control interface.  That would be infinitely preferable to UDP.

  Alan DeKok.




More information about the Hostap mailing list