2 - add WPA support to Linux Wireless Extensions
3 - add support for other drivers
4 - implement GUI for WPA Supplicant/Xsupplicant/iwconfig/iwlist
5 (easy to use configuration and network stats, etc.)
6 - add support for opportunistic PMKSA caching
7 - hostap: try other roaming modes
8 NOTE: current mode (manual roaming) does not really roam at all..
9 Firmware did not notice the current AP disappearing..
10 - EAP-MSCHAPv2: add support for password changing
11 - add support for WPA with ap_scan=0 (update selected cipher etc. based on
12 AssocInfo; make sure these match with configuration)
13 - add driver interface for using wpa_supplicant with wired interface
14 (or a separate program using EAPOL library)
15 - wpa_supplicant.conf g+rw so that frontend can change wpa_supplicant.conf
16 and RECONFIG wpa_supplicant (?)
17 (or wpa_supplicant changes .conf and ctrl interface gets support for
19 - optional security separation (build time option): run EAPOL state machines
20 as non-root (need to add something like socketpair between privileged root
21 process and non-root handler; send EAPOL packets between processes
22 and send keying data from non-root -> privileged)
23 EAPOL-Key processing (WPA & WEP keys) could be in privileged part
24 at least in the beginning; some parts might end up being moved to
25 non-root part eventually
26 - consider closing smart card / PCSC connection when EAP-SIM/EAP-AKA
27 authentication has been completed (cache scard data based on serial#(?)
28 and try to optimize next connection if the same card is present for next
30 - EAP-AKA: AT_CHECKCODE
31 - EAP-SIM/AKA: AT_RESULT_IND
32 - abort auth if EAP method initialization fails and there no other
33 accepted methods (i.e., do not send NAK for the same method that just
35 - on disconnect event, could try to associate with another AP if one is
36 present in scan results; would need to update scan results periodically..
37 - add flag scan_requested and only try to re-associate if this is set when
38 new scan results are received; this would allow background scans without
40 - if driver/hw is not WPA2 capable, must remove WPA_PROTO_RSN flag from
41 ssid->proto fields to avoid detecting downgrade attacks when the driver
42 is not reporting RSN IE, but msg 3/4 has one
43 - read CA certs from PFX file
44 - EAP-SIM/AKA: if SIM reader initialization fails, do not start authentication
45 - Cisco AP and non-zero keyidx for unicast -> map to broadcast
46 (actually, this already works with driver_ndis; so maybe just change
47 driver_*.c to do the mapping for drivers that cannot handle non-zero keyidx
49 - IEEE 802.1X and key update with driver_ndis?? wpa_supplicant did not seem
50 to see unencrypted EAPOL-Key frames at all..
51 - update developer.txt to match with current implementation
52 (driver API updates, EAP methods)
53 - driver_wext.c and driver that does not support WPA -> fix plaintext, WEP, and
54 IEEE 802.1X operation (e.g., use capabilities to report no support for WPA)