From: Lars Viklund (lars.viklund_at_axis.com)
Date: 2002-04-05 23:21:36 UTC
On Fri, 2002-04-05 at 22:48, Jouni Malinen wrote:
> On Fri, Apr 05, 2002 at 02:45:06PM +0100, ben_at_netservers.co.uk wrote:
>
> > The difficulty may come with encrypting and decrypting broadcast and
> > multicast frames unless all nodes on the network run your driver. At the
> > very least, clients will be unable to make sense of broadcasts from
> > other clients unless they are using a common key.
It isn't a problem since the standard specifies how this should work.
> Yes, that's true. Unicast frames can be encrypted with different keys
> for each station. In addition, broadcast and multicast frames from
> stations to AP (i.e., the frame that has ToDS flag and is only sent to
> the AP) can be encrypted with the station-specific key. When AP
> re-sends these broad/multicast frames to associated stations, it would
> need to use common key or send these separately to each station. Since
It should use a default key, just as when sending to individual RAs for which it doesn't have a separate key mapping.
> there are four possible WEP keys, it would be possible to use key1 as
> the station-specific key and key2 as the common key for
> broad/multicast frames from AP to stations.
There are four possible default WEP keys, but in addition to this there may be any number of keys for individual RAs. Which one of the (four) default keys to use when sending to a group address (or an individual address for which no separate key mapping exists) is a local configuration matter. When receiving, the key id field in the IV indicates which default key to use.
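
The key selection rules described in this message, as an added sketch that is not code from the post or from any driver. All struct and function names are hypothetical, the keys and addresses are constructed sample values, and the precedence of a transmitter-address mapping on receive is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct wep_key { uint8_t len; uint8_t data[13]; };
struct key_mapping { uint8_t addr[6]; struct wep_key key; };
struct wep_ctx {
    struct wep_key default_keys[4];  /* the four default keys */
    int tx_default_idx;              /* local configuration, 0..3 */
    const struct key_mapping *maps;  /* any number of per-station keys */
    size_t n_maps;
};

static const struct wep_key *find_mapping(const struct wep_ctx *c, const uint8_t *addr)
{
    for (size_t i = 0; i < c->n_maps; i++)
        if (memcmp(c->maps[i].addr, addr, 6) == 0)
            return &c->maps[i].key;
    return NULL;
}

/* TX: a group RA, or an individual RA without a mapping, gets the configured
 * default key. *key_id is that key's index, or -1 for a key mapping key. */
const struct wep_key *select_tx_key(const struct wep_ctx *c, const uint8_t *ra, int *key_id)
{
    const struct wep_key *k = (ra[0] & 0x01) ? NULL : find_mapping(c, ra);
    *key_id = k ? -1 : c->tx_default_idx;
    return k ? k : &c->default_keys[c->tx_default_idx];
}

/* RX: iv is the 4-octet IV field; bits 6-7 of its last octet are the key ID.
 * Assumption: a mapping for the transmitter address takes precedence. */
const struct wep_key *select_rx_key(const struct wep_ctx *c, const uint8_t *ta, const uint8_t *iv)
{
    const struct wep_key *k = find_mapping(c, ta);
    return k ? k : &c->default_keys[iv[3] >> 6];
}

/* Constructed sample: one mapped station, default key 1 (0-based) for TX. */
static const struct key_mapping sample_maps[] = {
    { {0x00, 0x11, 0x22, 0x33, 0x44, 0x55}, {5, "STA-A"} },
};
const struct wep_ctx sample = {
    { {5, "key-0"}, {5, "key-1"}, {5, "key-2"}, {5, "key-3"} }, 1, sample_maps, 1
};
```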