From: James Prestwood <prestwoj@gmail.com>
To: "iwd@lists.linux.dev" <iwd@lists.linux.dev>
Subject: Reworking the default SAE group
Date: Tue, 5 Sep 2023 13:13:19 -0700
Message-ID: <ef6c60ef-8abc-4304-a757-d1acf9f9908e@gmail.com>

All,

The current WPA3/SAE logic (really inside ELL) returns a descending list 
of SAE groups which IWD tries. Currently just groups 20 and 19. This 
ordering was initially chosen because higher order groups have larger 
keys and are more secure. I can't come close to speaking to all AP 
manufacturers but I haven't come across a single one that supports group 
20. Even the default openWRT build only supported group 19. In addition 
some APs are even out of spec and don't handle the group negotiation 
correctly, requiring IWD to special case those OUIs.

So at this point it feels (to me) like using group 20 first is just a 
performance hit, and should maybe be on an opt-in basis or we should 
explore other options. We could add an option to use a certain group 
which could even be set automatically per-network if the AP rejected 
with status 77 and a subsequent authentication using group 19 succeeded. 
From that point on the known working group would be used and avoid 
repeated retries.

I'd like to get anyone else's thoughts/experiences on this. Maybe I'm 
wrong about group 20 being widely unsupported? If you use WPA3 check 
your dmesg logs for status 77 errors :)

Thanks,
James
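
The per-network fallback proposed in the message above, sketched as an added example (not IWD or ELL code, and not written by the poster). `struct network_profile`, `sae_connect()` and the AP callbacks are hypothetical names, the AP models are constructed, and the sketch also covers a learned group that the AP later rejects.

```c
#include <stddef.h>
#include <stdint.h>

#define STATUS_SUCCESS       0
#define STATUS_UNSUPP_GROUP 77	/* the "status 77" rejection from the message */

/* Default descending order described in the message */
static const uint16_t default_groups[] = { 20, 19 };
#define N_GROUPS (sizeof(default_groups) / sizeof(default_groups[0]))

/* Hypothetical per-network record; 0 means no group learned yet */
struct network_profile { uint16_t known_group; };

/* Hypothetical stand-in for one SAE authentication attempt against an AP */
typedef int (*ap_auth_fn)(uint16_t group);

/* Returns the number of attempts used, or -1 if authentication failed */
static int sae_connect(struct network_profile *net, ap_auth_fn ap)
{
	uint16_t order[N_GROUPS + 1];
	size_t n = 0, i;

	/* Learned group first, then the remaining defaults */
	if (net->known_group)
		order[n++] = net->known_group;
	for (i = 0; i < N_GROUPS; i++)
		if (default_groups[i] != net->known_group)
			order[n++] = default_groups[i];

	for (i = 0; i < n; i++) {
		int status = ap(order[i]);

		if (status == STATUS_SUCCESS) {
			/* Learn only after a rejection, as the message proposes */
			if (i > 0)
				net->known_group = order[i];
			return (int)i + 1;
		}
		if (status != STATUS_UNSUPP_GROUP)
			return -1;	/* not a group problem: do not retry */
		net->known_group = 0;	/* drop a learned group the AP now rejects */
	}
	return -1;
}

/* Constructed AP models: each accepts exactly one group */
static int ap_only_19(uint16_t g) { return g == 19 ? STATUS_SUCCESS : STATUS_UNSUPP_GROUP; }
static int ap_only_20(uint16_t g) { return g == 20 ? STATUS_SUCCESS : STATUS_UNSUPP_GROUP; }
```

Only groups from the default list can ever be stored, so the learned value changes the order of attempts but not the set of groups offered.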
