[PATCH 02/15] mka: Ignore MACsec SAK Use Old Key parameter if we don't remember our old key
j at w1.fi
Mon Mar 12 16:50:37 PDT 2018
On Fri, Mar 02, 2018 at 03:10:50PM -0500, msiedzik at extremenetworks.com wrote:
> Upon receipt of the "MACsec MKPDU SAK Use parameter set" the KaY verifies
> that both the latest key and the old key are valid. If the local system
> reboots or is reinitalizied, the KaY won't have a copy of it's old key.
> Therefore if the KaY does not have a copy of it's old key it should not
> reject MKPDUs that contain old key data in the MACsec SAK Use parameter.
Jouni Malinen PGP id EFC895FA
More information about the Hostap