[PATCH 09/11] P2PS: Authorize any peer for p2ps method
andrei.otc at gmail.com
Tue Jul 28 06:25:28 EDT 2015
On Sun, Jul 26, 2015 at 9:32 PM, Jouni Malinen <j at w1.fi> wrote:
> On Mon, Jul 13, 2015 at 09:49:15AM +0300, Ilan Peer wrote:
>> When P2PS PD with default P2PS method is done, the peer that becomes GO
>> should authorize the client. However, P2PS spec doesn't require the client
>> to include its intended interface address in PD request/response.
>> As a result the P2P client's address couldn't be known, so the only possible
>> option is to authorize ANY.
>> Previously, client's device address was used for authorization, which is
>> not correct when a dedicated interface is used for p2p client.
>> This is not resulting in a connection failure, however it causes a
>> significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses).
>> Fix this by authorizing ANY.
> This does not sound desirable. Why wouldn't this be done using P2P
> Device Address instead? If (and only if) the intended interface address
> is not known, the WPS element could advertise wildcard MAC address for
> the Enrollee, but WPS Registrar should not allow any other device to
How can the intended address be known at all? The P2PS spec doesn't
require the client to add its intended address.
In fact (if I understand the spec correctly), even if the potential
client adds it during PD, it means "the address of the GO",
and if this device eventually becomes a client, it isn't obligated
to use this address.
For me this looks like a hole in the spec.
Is there any other way to deduce the client's interface address that
Regarding the WPS Registrar validations - this is something that can
be done in a separate patch, but currently there are no validation
flows at all on the registrar. But why is this needed?
> Jouni Malinen PGP id EFC895FA
> HostAP mailing list
> HostAP at lists.shmoo.com