From patchwork Wed Oct 20 23:44:24 2021
X-Patchwork-Submitter: Arowa Suliman
X-Patchwork-Id: 1544067
From: Arowa Suliman
To: hostap@lists.infradead.org
Cc: Arowa Suliman, Arowa Suliman
Subject: [PATCH v8 1/2] wpa_supplicant: hostapd: Remove man-in-the-middle.
Date: Wed, 20 Oct 2021 16:44:24 -0700
Message-Id: <20211020234425.1188844-1-arowa@google.com>
Replace man-in-the-middle attacks with on-path attacks which is gender-neutral and commonly used.

Signed-off-by: Arowa Suliman
--- hostapd/hostapd.conf | 2 +- wpa_supplicant/wpa_supplicant.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index dbdd3d7fb..6b807f489 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1837,7 +1837,7 @@ own_ip_addr=127.0.0.1 #assoc_sa_query_retry_timeout=201 # ocv: Operating Channel Validation -# This is a countermeasure against multi-channel man-in-the-middle attacks. +# This is a countermeasure against multi-channel on-path attacks. # Enabling this depends on the driver's support for OCV when the driver SME is # used. If hostapd SME is used, this will be enabled just based on this # configuration. 
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index e3ae77114..fa257f3de 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -988,7 +988,7 @@ fast_reauth=1 # WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE # # ocv: whether operating channel validation is enabled -# This is a countermeasure against multi-channel man-in-the-middle attacks. +# This is a countermeasure against multi-channel on-path attacks. # Enabling this automatically also enables ieee80211w, if not yet enabled. # 0 = disabled (default) # 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
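Review bot: in the hostapd.conf hunk, the reworded ocv comment line ("# This is a countermeasure against multi-channel on-path attacks.") still gives no description of the attack itself, and an operator who knows it under the previous name can no longer find it by searching the file. Consider adding a few words on what Operating Channel Validation actually checks, so the comment stands on its own whichever term the reader knows.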
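Review bot: in the wpa_supplicant.conf hunk the same ocv comment line is reworded, and per the diffstat this patch touches only the two sample configuration files. If the old term is used elsewhere in the tree where ocv is described, please confirm that is covered in 2/2 so the descriptions stay consistent. The subject "Remove man-in-the-middle." also reads as if behaviour were being removed, while both hunks change comment wording only; a subject that says the ocv comments are being reworded would be clearer.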