MIC failure question

[Jouni Malinen]

On Fri, Apr 22, 2011 at 10:54:40AM +0300, Bartosz.Markowski at tieto.com wrote:
> In current implementaiton of wpa_supplicant_event_michael_mic_failure() function there's TODO comment.
> 
> /* TODO: mark the AP rejected for 60 second. STA is
>  * allowed to associate with another AP.. */
> 
> Is there a reason that this not been implemented - some blocking issues?

No one seems to have been interested enough in optimizing this to allow
other APs to be used and blocking all connections is simpler. It is not
like TKIP countermeasures are supposed to be showing up frequently, so
it does not look like there is much benefit from using time on making
this any more complex. And if this were to be triggered more frequently,
time would likely be better spent on trying to fix whatever is causing
the Michael MIC failures anyway.

-- 
Jouni Malinen                                            PGP id EFC895FA