[PATCH v4 12/13] MLD STA: Add PMKSA entries with both AP MLD address and AP link addresses
Jouni Malinen
j at w1.fi
Sat Dec 3 07:17:37 PST 2022
On Thu, Nov 03, 2022 at 01:38:55PM +0530, Veerendranath Jakkam wrote:
> Add PMKSA entries with both AP MLD address and AP link addresse for MLO
> connection. Per-BSSID PMKSA entries could be used in case the station
> wants to associate with one of the BSSs without enabling MLO capability
> later.
This feels a bit questionable since the PMKSA entry derived using MLO
might use different derivation rules compared to the one derived without
MLO. As an example, SAE binds a different set of MAC addresses (MLD vs.
link address) into PWE derivation. Furthermore, a PMKSA is bound to a
specific authenticator and supplicant address and those would be
different. As such, it does not feel like a single authentication should
result in generating more than a single PMKSA and that PMKSA should be
used only as an MLD or as a non-MLD, but not both.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list