Subject: Key management type while pre auth and OKC

Jouni Malinen j at w1.fi
Wed Feb 22 06:01:20 PST 2023


On Mon, Jan 09, 2023 at 11:28:26AM +0530, harisha ja wrote:
> I see that we are hardcoding WPA_KEY_MGMT_IEEE8021X (0) while adding
> preauth cache. Do we need to specify the actual Key management type
> here ? even in case of OKC are we suppose to use
> WPA_KEY_MGMT_IEEE8021X ?. When client joins if it uses different key
> management type how do we use this cache ?

No explicit information about the AKM suite is provided during the RSN
preauthentication exchange and IEEE Std 802.11-2020, 12.6.10.2 mandates
the AKM to be set to 00-0F-AC:1 which is what that hardcoding is doing.

I'm not sure how that comment about OKC is related on RSN
preauthentication.

The PMKSA cache entries should not really be used with different AKM
suites. As such, the benefits from RSN preauthentication are quite
limited in the current protocol design.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list