From: James Prestwood <prestwoj@gmail.com>
To: "iwd@lists.linux.dev" <iwd@lists.linux.dev>
Subject: Reworking the default SAE group
Date: Tue, 5 Sep 2023 13:13:19 -0700
Message-ID: <ef6c60ef-8abc-4304-a757-d1acf9f9908e@gmail.com>

All,

The current WPA3/SAE logic (really inside ELL) returns a descending list
of SAE groups which IWD tries. Currently just groups 20 and 19. This
ordering was initially chosen because higher order groups have larger
keys and are more secure. I can't come close to speaking to all AP
manufacturers but I haven't come across a single one that supports group
20. Even the default OpenWrt build only supported group 19. In addition
some APs are even out of spec and don't handle the group negotiation
correctly, requiring IWD to special case those OUIs.

So at this point it feels (to me) like using group 20 first is just a
performance hit, and should maybe be on an opt-in basis or we should
explore other options. We could add an option to use a certain group
which could even be set automatically per-network if the AP rejected
with status 77 and a subsequent authentication using group 19 succeeded.
From that point on the known working group would be used and avoid
repeated retries.

I'd like to get anyone else's thoughts/experiences on this. Maybe I'm
wrong about group 20 being widely unsupported? If you use WPA3 check
your dmesg logs for status 77 errors :)

Thanks,
James
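
The per-network fallback proposed in the message above, modeled as an added example (not iwd or ELL code, and not written by the message's author). `struct network`, `ap_commit()` and `sae_connect()` are hypothetical names, and the AP that accepts exactly one group is a constructed stand-in for a real SAE commit exchange.

```c
#include <stdint.h>
#include <stdio.h>

#define STATUS_SUCCESS 0
#define STATUS_UNSUPP_GROUP 77	/* finite cyclic group not supported */

/* Descending default order described in the message: 20, then 19 */
static const uint16_t default_groups[] = { 20, 19 };
#define N_GROUPS (sizeof(default_groups) / sizeof(default_groups[0]))

struct network {		/* hypothetical per-network state */
	uint16_t ap_group;	/* constructed: the only group the AP accepts */
	uint16_t known_group;	/* 0 until an authentication has succeeded */
	unsigned int attempts;	/* SAE commits sent so far */
};

/* Constructed AP model: rejects any group but its own with status 77 */
static int ap_commit(struct network *n, uint16_t group)
{
	n->attempts++;
	return group == n->ap_group ? STATUS_SUCCESS : STATUS_UNSUPP_GROUP;
}

/* Returns the group that authenticated, or 0 if the AP accepted none */
static uint16_t sae_connect(struct network *n)
{
	uint16_t skip = n->known_group;
	size_t i;

	/* Remembered group goes first; forget it if the AP now rejects it */
	if (skip && ap_commit(n, skip) == STATUS_SUCCESS)
		return skip;
	n->known_group = 0;

	for (i = 0; i < N_GROUPS; i++) {
		if (default_groups[i] == skip)
			continue;	/* already rejected above */
		/* A group is remembered only after it actually succeeded */
		if (ap_commit(n, default_groups[i]) == STATUS_SUCCESS)
			return n->known_group = default_groups[i];
	}
	return 0;
}

int main(void)
{
	struct network n = { .ap_group = 19 };
	uint16_t first = sae_connect(&n), second = sae_connect(&n);

	printf("groups %d/%d, %u commits\n", first, second, n.attempts);
	return 0;
}
```

Against a group-19-only AP the first connection costs two commits and every later one costs one; if the AP later changes its supported group, the stale entry is dropped and the default list is walked again.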