Send connman mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.01.org/mailman/listinfo/connman
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of connman digest..."
Today's Topics:
1. Statement on KRACK? (Craig McQueen)
2. RE: Statement on KRACK? (Craig McQueen)
3. Re: Statement on KRACK? (Xiaodong Sun)
4. Re: Statement on KRACK? (Julien Massot)
5. Re: Statement on KRACK? (Patrik Flykt)
----------------------------------------------------------------------
Message: 1
Date: Fri, 3 Nov 2017 09:56:45 +1100
From: Craig McQueen <[email protected]>
To: "[email protected]" <[email protected]>
Subject: Statement on KRACK?
Message-ID:
<5500469a22567c4baf673a6e86afa3a40295f094b...@ir-central.corp.innerrange.com>
Content-Type: text/plain; charset="us-ascii"
It would be helpful to have a status about KRACK in relation to Connman.
* Is Connman directly affected by the KRACK Wi-Fi vulnerability?
* Is Connman indirectly affected by the KRACK Wi-Fi vulnerability, e.g. via
wpa_supplicant or Linux kernel?
* What steps, if any, are required to patch a system using Connman, to secure
against KRACK?
--
Craig McQueen
------------------------------
Message: 2
Date: Fri, 3 Nov 2017 12:19:01 +1100
From: Craig McQueen <[email protected]>
To: "[email protected]" <[email protected]>
Subject: RE: Statement on KRACK?
Message-ID:
<5500469a22567c4baf673a6e86afa3a40295f094b...@ir-central.corp.innerrange.com>
Content-Type: text/plain; charset="us-ascii"
I wrote:
>
> It would be helpful to have a status about KRACK in relation to Connman.
>
> * Is Connman directly affected by the KRACK Wi-Fi vulnerability?
> * Is Connman indirectly affected by the KRACK Wi-Fi vulnerability, e.g. via
> wpa_supplicant or Linux kernel?
> * What steps, if any, are required to patch a system using Connman, to
> secure against KRACK?
As far as I can tell from my initial investigation, Connman relies on
wpa_supplicant for low-level Wi-Fi protocol handling. So wpa_supplicant needs
to be patched to fix KRACK vulnerabilities, while Connman itself doesn't need
patching. Is that correct?
It's not 100% clear to me what the status is for access point mode (tethering
in Connman). It looks as though Connman must also use wpa_supplicant for
tethering support. So a patched wpa_supplicant would also fix KRACK
vulnerability for access point mode. Is that correct?
--
Craig McQueen
------------------------------
Message: 3
Date: Thu, 2 Nov 2017 19:36:25 -0700
From: Xiaodong Sun <[email protected]>
To: Craig McQueen <[email protected]>
Cc: "[email protected]" <[email protected]>
Subject: Re: Statement on KRACK?
Message-ID:
<caeobsrqp4_st9o7pyaayjwqyzpcoym+m+tdbfyaj65ozghc...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"
I think you are right, Craig! The WPA2 security vulnerability exists in
wpa_supplicant, not in Connman. The patch should be in wpa_supplicant.
On Thu, Nov 2, 2017 at 6:19 PM, Craig McQueen <[email protected]>
wrote:
> I wrote:
> >
> > It would be helpful to have a status about KRACK in relation to Connman.
> >
> > * Is Connman directly affected by the KRACK Wi-Fi vulnerability?
> > * Is Connman indirectly affected by the KRACK Wi-Fi vulnerability, e.g.
> via
> > wpa_supplicant or Linux kernel?
> > * What steps, if any, are required to patch a system using Connman, to
> > secure against KRACK?
>
> As far as I can tell from my initial investigation, Connman relies on
> wpa_supplicant for low-level Wi-Fi protocol handling. So wpa_supplicant
> needs to be patched to fix KRACK vulnerabilities, while Connman itself
> doesn't need patching. Is that correct?
>
> It's not 100% clear to me what the status is for access point mode
> (tethering in Connman). It looks as though Connman must also use
> wpa_supplicant for tethering support. So a patched wpa_supplicant would
> also fix KRACK vulnerability for access point mode. Is that correct?
>
> --
> Craig McQueen
>
> _______________________________________________
> connman mailing list
> [email protected]
> https://lists.01.org/mailman/listinfo/connman
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.01.org/pipermail/connman/attachments/20171102/d542d635/attachment-0001.html>
------------------------------
Message: 4
Date: Fri, 3 Nov 2017 08:50:40 +0100
From: Julien Massot <[email protected]>
To: [email protected]
Cc: Craig McQueen <[email protected]>,
"[email protected]" <[email protected]>
Subject: Re: Statement on KRACK?
Message-ID:
<CADGp=QcFN6DQL8gWfRvc1jVxjD+ZBx9GSyhFxczTB+=8zws...@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Hi,
On Fri, Nov 3, 2017 at 3:36 AM, Xiaodong Sun <[email protected]> wrote:
> I think you are right, Craig! The WPA2 security vulnerability exists in
> wpa_supplicant, not in Connman. The patch should be in wpa_supplicant.
>
> On Thu, Nov 2, 2017 at 6:19 PM, Craig McQueen <[email protected]>
> wrote:
>>
>> I wrote:
>> >
>> > It would be helpful to have a status about KRACK in relation to Connman.
>> >
>> > * Is Connman directly affected by the KRACK Wi-Fi vulnerability?
No
>> > * Is Connman indirectly affected by the KRACK Wi-Fi vulnerability, e.g.
>> > via
>> > wpa_supplicant or Linux kernel?
by wpa_supplicant.
>> > * What steps, if any, are required to patch a system using Connman, to
>> > secure against KRACK?
You should go to hostap ML
Please read this mail:
http://lists.infradead.org/pipermail/hostap/2017-October/037989.html
Regards,
Julien
--
*This email and any attachment thereto are confidential and intended solely
for the use of the individual or entity to whom they are addressed.If you
are not the intended recipient, please be advised that disclosing, copying,
distributing or taking any action in reliance on the contents of this email
is strictly prohibited. In such case, please immediately advise the sender,
and delete all copies and attachment from your system.This email shall not
be construed and is not tantamount to an offer, an acceptance of offer, or
an agreement by SoftBank Robotics Europe on any discussion or contractual
document whatsoever. No employee or agent is authorized to represent or
bind SoftBank Robotics Europe to third parties by email, or act on behalf
of SoftBank Robotics Europe by email, without express written confirmation
by SoftBank Robotics Europe? duly authorized representatives.*
------------------------------
*Ce message ?lectronique et ?ventuelles pi?ces jointes sont confidentiels,
et exclusivement destin?s ? la personne ou l'entit? ? qui ils sont
adress?s.Si vous n'?tes pas le destinataire vis?, vous ?tes pri? de ne pas
divulguer, copier, distribuer ou prendre toute d?cision sur la foi de ce
message ?lectronique. Merci d'en aviser imm?diatement l'exp?diteur et de
supprimer toutes les copies et ?ventuelles pi?ces jointes de votre
syst?me.Ce message ?lectronique n'?quivaut pas ? une offre, ? une
acceptation d?offre, ou ? un accord de SoftBank Robotics Europe sur toute
discussion ou document contractuel quel qu?il soit, et ne peut ?tre
interpr?t? comme tel. Aucun employ? ou agent de SoftBank Robotics Europe
n'est autoris? ? repr?senter ou ? engager la soci?t? par email, ou ? agir
au nom et pour le compte de la soci?t? par email, sans qu?une confirmation
?crite soit donn?e par le repr?sentant l?gal de SoftBank Robotics Europe ou
par toute autre personne ayant re?u d?l?gation de pouvoir appropri?e.*
------------------------------
Message: 5
Date: Fri, 03 Nov 2017 12:45:56 +0200
From: Patrik Flykt <[email protected]>
To: Craig McQueen <[email protected]>,
"[email protected]" <[email protected]>
Subject: Re: Statement on KRACK?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="UTF-8"
On Fri, 2017-11-03 at 12:19 +1100, Craig McQueen wrote:
> I wrote:
> >
> > It would be helpful to have a status about KRACK in relation to
> > Connman.
> >
> > * Is Connman directly affected by the KRACK Wi-Fi vulnerability?
No.
> > * Is Connman indirectly affected by the KRACK Wi-Fi vulnerability,
> > e.g. via
> > wpa_supplicant or Linux kernel?
Yes, via wpa_supplicant.
> > * What steps, if any, are required to patch a system using Connman,
> > to secure against KRACK?
Update wpa_supplicant. All major distros and upstream wpa_supplicant
have been updated by now.
> As far as I can tell from my initial investigation, Connman relies on
> wpa_supplicant for low-level Wi-Fi protocol handling. So
> wpa_supplicant needs to be patched to fix KRACK vulnerabilities,
> while Connman itself doesn't need patching. Is that correct?
Yes.
> It's not 100% clear to me what the status is for access point mode
> (tethering in Connman). It looks as though Connman must also use
> wpa_supplicant for tethering support. So a patched wpa_supplicant
> would also fix KRACK vulnerability for access point mode. Is that
> correct?
Yes.
Patrik
------------------------------
Subject: Digest Footer
_______________________________________________
connman mailing list
[email protected]
https://lists.01.org/mailman/listinfo/connman
------------------------------
End of connman Digest, Vol 25, Issue 1
**************************************
