[PATCH 02/15] mka: Ignore MACsec SAK Use Old Key parameter if we don't remember our old key

Jouni Malinen j at w1.fi
Mon Mar 12 16:50:37 PDT 2018


On Fri, Mar 02, 2018 at 03:10:50PM -0500, msiedzik at extremenetworks.com wrote:
> Upon receipt of the "MACsec MKPDU SAK Use parameter set" the KaY verifies
> that both the latest key and the old key are valid.  If the local system
> reboots or is reinitalizied, the KaY won't have a copy of it's old key.
> Therefore if the KaY does not have a copy of it's old key it should not
> reject MKPDUs that contain old key data in the MACsec SAK Use parameter.

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list