Enable 802.11w (wpad-full) on all "non-tiny" router by default

Some user probably know the situation where people who dont like some devices, just start deauthenticating those - for fun or some other reason. 802.11w protects the users from this situation. Because also when the traffic itself is been encrypted by WPA2, the management packages are fully unencrypted and anyone around can start messing around with those.

The recent problem why this is not existing in openwrt "stable" releases was the devices that had less then 4MB of ROM. Bit now we have the "tiny" flag that is showing up those devices.
Now we can do following:
leave the "tiny" devices with wpad-mini to save space.
Enable for all other devices wpad-full. Luci (the graphical interface of openwrt) have 802.11w support build in. So when the image contain wpad-full its been shown in luci.
Like probably all devs know, the least amount of users read the IEEE specifications and so on and search for ability to enable 802.11w when they have never heard of that and probably dont know that the management frames are send unencrypted in a encrypted network.

I think its a great win for general security to enable wpad-full on all non-tiny devices by default in the stable releases.

hnyman, jow and Borromini , i think you all would also say that this would make sense. Thanks to you 802.11w got backported into the 17.01 releases here:
https://github.com/openwrt/luci/pull/998

Thanks!

2 Likes

Any news to that?

Rumour has it 802.11w breaks ath10k APs, e.g. It's not something you enable (and push) lightly.

Just tested out .11w on my wrt3200acm and it crashed the 5 GHZ driver. Yes I installed the wpad package and removed the wpad-mini package.
OpenWrt SNAPSHOT r7894
Latest mwlwifi driver version 10.3.8.0-20180810.

At least, select default wpad for ath9k device ?

Yes, those closed source software requirement wifi drivers like ath10k (that have nothing much in common with ath9k except the naming) are terrible. I recommend ath9k for everything and everyone. For me its still the reference in code quality, compatibility, stability and software freedom. Thanks @nbd and the other ath9k developers!