Diffstat (limited to 'contrib/wpa_supplicant/todo.txt')
-rw-r--r-- | contrib/wpa_supplicant/todo.txt | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/contrib/wpa_supplicant/todo.txt b/contrib/wpa_supplicant/todo.txt new file mode 100644 index 000000000000..52f334900098 --- /dev/null +++ b/contrib/wpa_supplicant/todo.txt 
@@ -0,0 +1,54 @@ +To do: +- add WPA support to Linux Wireless Extensions +- add support for other drivers +- implement GUI for WPA Supplicant/Xsupplicant/iwconfig/iwlist + (easy to use configuration and network stats, etc.) +- add support for opportunistic PMKSA caching +- hostap: try other roaming modes + NOTE: current mode (manual roaming) does not really roam at all.. + Firmware did not notice the current AP disappearing.. +- EAP-MSCHAPv2: add support for password changing +- add support for WPA with ap_scan=0 (update selected cipher etc. based on + AssocInfo; make sure these match with configuration) +- add driver interface for using wpa_supplicant with wired interface + (or a separate program using EAPOL library) +- wpa_supplicant.conf g+rw so that frontend can change wpa_supplicant.conf + and RECONFIG wpa_supplicant (?) + (or wpa_supplicant changes .conf and ctrl interface gets support for + changing config?) +- optional security separation (build time option): run EAPOL state machines + as non-root (need to add something like socketpair between privileged root + process and non-root handler; send EAPOL packets between processes + and send keying data from non-root -> privileged) + EAPOL-Key processing (WPA & WEP keys) could be in privileged part + at least in the beginning; some parts might end up being moved to + non-root part eventually +- consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA + authentication has been completed (cache scard data based on serial#(?) + and try to optimize next connection if the same card is present for next + auth) +- EAP-AKA: AT_CHECKCODE +- EAP-SIM/AKA: AT_RESULT_IND +- abort auth if EAP method initialization fails and there no other + accepted methods (i.e., do not send NAK for the same method that just + failed) +- on disconnect event, could try to associate with another AP if one is + present in scan results; would need to update scan results periodically.. 
+- add flag scan_requested and only try to re-associate if this is set when + new scan results are received; this would allow background scans without + triggering re-assoc.. +- if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from + ssid->proto fields to avoid detecting downgrade attacks when the driver + is not reporting RSN IE, but msg 3/4 has one +- read CA certs from PFX file +- EAP-SIM/AKA: if SIM reader initialization fails, do not start authentication +- Cisco AP and non-zero keyidx for unicast -> map to broadcast + (actually, this already works with driver_ndis; so maybe just change + driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx + for unicast) +- IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem + to see unencrypted EAPOL-Key frames at all.. +- update developer.txt to match with current implementation + (driver API updates, EAP methods) +- driver_wext.c and driver that does not support WPA -> fix plaintext, WEP, and + IEEE 802.1X operation (e.g., use capabilities to report no support for WPA) |
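Review bot: The "wpa_supplicant.conf g+rw" item would let a frontend group write the file that wpa_supplicant re-reads on RECONFIG, which works against the "optional security separation" item directly below it: any member of that group could then change the configuration of a process the list still describes as running with root privileges. I would resolve the "(?)" in favour of the alternative already given in parentheses (config changes made through the ctrl interface), or at least name which group is meant and why write access to the file is needed. Two wording points in the same hunk: in the WPA_PROTO_RSN item, "to avoid detecting downgrade attacks" reads as if detection itself were the thing to avoid, so "to avoid falsely detecting downgrade attacks" would be clearer; and "if EAP method initialization fails and there no other accepted methods" is missing "are".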