Date: Thu, 5 May 2022 21:19:17 +0300
From: Jouni Malinen
To: Johannes Berg
Cc: Veerendranath Jakkam, linux-wireless@vger.kernel.org
Subject: Re: [PATCH v2] cfg80211: Add support for sending more than two AKMs in crypto settings
Message-ID: <20220505181917.GA25102@w1.fi>

On Thu, May 05, 2022 at 09:18:40AM +0200, Johannes Berg wrote:
> I also came to think - where's the upstream driver using this?

This capability is needed to implement WPA3-Personal transition mode correctly with any driver that handles roaming internally, i.e., that advertises NL80211_ATTR_ROAM_SUPPORT (WIPHY_FLAG_SUPPORTS_FW_ROAM). It looks like there are two such drivers in the upstream tree today: ath6kl and brcmfmac. Since WPA3 requires PMF, ath6kl is not really a candidate for the main use for this (having to indicate PSK, PSK-SHA-256, and SAE AKMs as allowed), but brcmfmac looks like an example that would need this to allow the local network profile parameters to be set appropriately to the driver to allow all the desired roaming cases between BSSs using different AKM suite selectors to be performed.

That said, I do not know whether someone would be planning on using this additional capability to extend brcmfmac to take benefit of the proposed extension. I would support this capability in wpa_supplicant, though, so the information would be available for that purpose.

> I've been saying this for something like a decade now, I think I'll stop
> investing time in such patches.

Do you have any preference on how to address out-of-the-tree driver needs for this type of functionality? Many cases today can be covered through the use of vendor specific commands and events, but there are some inconvenient examples like the Connect command that is not really straightforward to replace or extend with vendor commands due to the concept of tracking the user space process associated with the connection and internal cfg80211 tracking of the connection in general.

If additional nl80211 attributes cannot be accepted into the upstream tree for such specific needs, could there be some way of allowing vendor specific attributes to be added into the Connect command? Or would this need to use some kind of ugly combination of a vendor specific command first to modify the behavior of the following Connect command to address this type of needs?

-- 
Jouni Malinen                                            PGP id EFC895FA
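
The roaming limitation described in the message above, as an added example that is not part of the original mail or of any kernel or wpa_supplicant code: a WPA3-Personal transition mode profile allows three AKMs (SAE, PSK, PSK-SHA-256), and a driver told about only two of them cannot roam to every BSS. The sample ESS, the helper names and the rule that surplus entries are simply dropped are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AKM suite selectors: OUI 00-0F-AC plus suite type (IEEE 802.11). */
#define AKM_PSK        0x000FAC02u
#define AKM_PSK_SHA256 0x000FAC06u
#define AKM_SAE        0x000FAC08u

struct bss { const char *name; uint32_t akms[3]; size_t n_akms; };

/* Constructed sample ESS: BSSs advertising different AKM suites. */
static const struct bss sample_ess[] = {
    { "sae-only",   { AKM_SAE },          1 },
    { "transition", { AKM_PSK, AKM_SAE }, 2 },
    { "psk-sha256", { AKM_PSK_SHA256 },   1 },
    { "psk-only",   { AKM_PSK },          1 },
};
#define N_BSS (sizeof(sample_ess) / sizeof(sample_ess[0]))

/* AKMs the local WPA3-Personal transition mode profile allows. */
static const uint32_t profile[] = { AKM_SAE, AKM_PSK, AKM_PSK_SHA256 };

/* 1 if the BSS advertises any of the first n_allowed profile AKMs. */
static int can_roam(const struct bss *b, size_t n_allowed)
{
    for (size_t i = 0; i < n_allowed; i++)
        for (size_t j = 0; j < b->n_akms; j++)
            if (profile[i] == b->akms[j])
                return 1;
    return 0;
}

/* Bitmask of sample BSSs the firmware may roam to when the driver is
 * given at most max_akms entries (assumption: extra entries are dropped). */
static unsigned roam_mask(size_t max_akms)
{
    size_t n = sizeof(profile) / sizeof(profile[0]);
    unsigned mask = 0;
    if (n > max_akms)
        n = max_akms;
    for (size_t b = 0; b < N_BSS; b++)
        if (can_roam(&sample_ess[b], n))
            mask |= 1u << b;
    return mask;
}

int main(void)
{
    printf("limit 2: 0x%x, limit 3: 0x%x\n", roam_mask(2), roam_mask(3));
    return 0;
}
```

With a two-entry limit the PSK-SHA-256-only BSS is missing from the mask; with all three AKMs passed down, every sample BSS is a roaming candidate.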