pmkid in association request
Jouni Malinen
j at w1.fi
Fri Dec 26 13:33:23 EST 2008
On Tue, Dec 23, 2008 at 02:09:58PM +0530, Paresh Sawant wrote:
> 2.2>I start AP2(ssid = "linksis-wpa2-ttls"), and after AP2 is up and
> running, I stop AP1. wpa_supp receives "media connect" for AP2, and it
> performs RSNA with AP2 successfully.
>
> 2.3> I start AP1 again (without any change in configuration), and after AP1
> is up and running, I stop AP2. wpa_supp receives "media connect" for AP1,
> and it performs RSNA with AP1 successfully.
>
> Conclusion: I see an issue in <2.3>, since AP1 does not honor the pmkid in
> association request, it performs the full EAP again. Since wpa_supp sends
> correct PMKID in association, I was expecting AP1 to directly jump to PTKSA,
> but it does not happen that way.
How exactly did you "stop AP1"? If you just power cycled it, the PMKSA
cache was cleared and the AP won't recognize the PMKID anymore. This is
expected behavior. PMKs are unlikely to be cached in non-volatile
memory (and really shouldn't be from security view point).
--
Jouni Malinen PGP id EFC895FA
More information about the HostAP
mailing list