hostapd/wpa_supplicant - new development release v0.5.0

Bryan Kadzban bryan at kadzban.is-a-geek.net
Fri Dec 23 08:58:19 EST 2005


Jouni Malinen wrote:
> DLS itself is quite nice improvement (assuming the security setup
> gets fixed). It allows stations to send packets directly to each
> other without having to go through the AP which is the normal
> mechanism for BSS (infrastructure networks).

Maybe I should go read the standard again, but does the AP have any
chance to "veto" the DLS/STAKey setup?  I would assume so, since the
frames go through it first, but I don't know for sure.

Reason I ask is, some APs have a configuration option to prevent STAs
from talking to each other through the AP (for use in hotspot setups,
etc., where you don't want users to be able to launch worms, etc.
against the other hotspot users).  If just negotiating a STAKey (and
doing DLS) would be enough to get around this, that might be bad
security-wise for this type of environment.

But I suppose the "block traffic from one STA to another" code could
probably also block the STAKey frames, right?  So maybe it isn't an
issue.  Hmm.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20051223/b56f6ab0/attachment.pgp 


More information about the HostAP mailing list