[PATCH 04/15] mka: Loss of live peers should result in connect PENDING not AUTHENTICATED

Jouni Malinen j at w1.fi
Mon Mar 12 16:50:55 PDT 2018


On Fri, Mar 02, 2018 at 03:10:52PM -0500, msiedzik at extremenetworks.com wrote:
> When the number of live peers becomes 0 the KaY is setting
> 'kay->authenticated' true and telling the CP to connect AUTHENTICATED.
> Per IEEE802.1X-2010 Clause 12.2, MKA.authenticated means "the Key Server
> has proved mutual authentication but has determined that Controlled Port
> communication should proceed without the use of MACsec", which means
> port traffic will be passed in the clear.
> When the number of live peers becomes 0 the KaY must instead set
> 'kay->authenticated' false and tell the CP to connect PENDING.  Per
> Clause 12.3 connect PENDING will "prevent connectivity by clearing the
> controlledPortEnabled parameter."

Thanks, applied.
 
-- 
Jouni Malinen                                            PGP id EFC895FA


