PATCH: inform upper over layers which peer has accepted config

Jouni Malinen j at w1.fi
Mon Nov 28 04:47:49 PST 2022


On Mon, Nov 28, 2022 at 01:36:12PM +0100, Eliot Lear wrote:
> Forgive my confusion, but the code above what you quoted indicates that
> clearly we are providing a conf result, which means that we are the
> configurator and we have already authenticated the peer with the public key
> from the enrollee's qrcode. Am I misusing / misinterpreting the struct?

The local device being a Configurator and providing a configuration is
accurate, but that does not mean that the peer device (Enrollee) has
been authenticated from its QR Code. While the case of a Configurator
scanning a QR Code and initiating the DPP exchange is a common one, it
is not the only one supported by the protocol. The Configurator/Enrollee
role is independent from the Initiator/Responder role. It is also
possible for the Enrollee to scan a QR Code from the Configurator and
initiate the protocol. In that sequence, the Configurator has not
scanned any QR Code and is not really authenticating the Enrollee; it is
just confirming that the Enrollee has been able to scan a specific QR
Code. This might be used, e.g., for public hotspot access in a cafe.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list