Fri Sep 24 22:57:10 PDT 2010
On Thu, Sep 23, 2010 at 10:59:22AM -0500, Dan Williams wrote:
> Do I have it correct when I assume that the proactive_key_caching stuff
> at the 802.11 level, while the fast_reauth stuff is at the 802.1x level?
Sort of.. Proactive key caching is assuming that the APs in the same ESS
share the same PMK and the client can try to use PMKSA caching with a
new AP even if it has not been associated with it previous and has not
used RSN pre-authentication.
fast_reauth allows EAP methods to use abbreviated authentication, e.g.,
TLS session resumption or EAP-SIM/AKA fast reauth to skip need for using
SIM/USIM during authentication.
> Should both ever be used at the same time?
It would be fine to enable them at the same time. If the network
supports proactive key caching, there is not really much help from
fast_reauth, but if it doesn't, fast_reauth could be used during the EAP
Jouni Malinen PGP id EFC895FA
More information about the Hostap