[PATCH 30/42] AP: MLD: Update all PMKSAs in the AP MLD

Otcheretianski, Andrei andrei.otcheretianski at intel.com
Wed Nov 29 01:25:55 PST 2023


> > > When a non-AP MLD station associates with an AP MLD and the
> > > association is a multi-link association, the PMKSA that is created
> > > as part of the connection establishment is also relevant for the
> > > other links included in the association.
> > > Thus, update the PMKSA cache of the other BSSs (that are part of the
> > > MLD connection) with the same PMKSA information.
> > >
> > > This is useful for cases where, after initial connection
> > > establishment, the station disconnects and connects again, but
> > > instead of using the original link for the connection it uses a
> > > different link.
> >
> > This does not feel correct. For AP MLD, it would make more sense to
> > have a separate MLD level PMKSA cache for all non-AP MLDs. Or
> > alternatively, search the PMKSA cache entry from all affiliated
> > APs instead of duplicating information into all BSSs.
> 
> I'm not completely sure what you mean by MLD level PMKSA, but
> anyway, the second approach that you suggested, to look up the entry in all
> affiliated APs, is indeed better.
> I'll resubmit a fixed version. Please drop this one.

So, I tried to implement this as you suggested.
The second approach, to look up PMKSA entries in all affiliated APs, doesn't work well as it doesn't support the case when the links are torn down.
So I don't think it's good enough.
I also tried to convert the PMKSA auth cache into a "singleton" so PMKSAs can be shared across multiple authenticators.
This ends up being quite a big and complicated change - unfortunately, I couldn't come up with something elegant.
> 
> >
> > --
> > Jouni Malinen                                            PGP id EFC895FA


