Hi Thomas,
Thanks for the response.
It would be good if you could add more text to clarify some of your intentions, especially to explain when the SMD_KDK is on the right or left of the equation in the same case.
See more follow-up comments inline.
Thanks
Best Regards
Jay Yang (杨志杰)
Hi Thomas,
Thanks for your efforts on this PDT.
I have a hard time decoding the following proposed equation.
1) "XXKey is the SMD_KDK if the non-AP MLD is associated to an SMD-ME in Per-AP MLD PTK mode and the PTK is not being derived at the time of (re)association to the SMD-ME". At this moment, there shall be no SMK_KDK derived on the left of the equation.
Correct. I highlighted the word "not" in the sentence above for clarity. This refers to roams or PTK-rekeying cases, so the existing SMD_KDK is used on the right side of the equation (as an input) only, and no new SMD_KDK is derived (i.e. it's not on the left side).
<Jay> Could you describe the relevant case explicitly? Otherwise, the reader has to guess which case you are referring to. Also, clarify that the SMD_KDK is not present in these cases.
2) How should one understand "if the non-AP MLD is associated to an SMD-ME"? EPPKE is an authentication phase, resulting in the derived PTKSA used to protect the subsequent association phase. Or do you want to say the non-AP MLD intends to associate with the SMD-ME after EPPKE?
3) In some places, it's said "In the case of a PTKSA between a non-AP MLD and SMD-ME, there shall only be one PTKSA (in Per-SMD PTK mode case, per key ID) with the same Supplicant MAC address and SMD identifier.". If that's true, the SMD_KDK will be part of the PTKSA, so why split the SMD_KDK from the PTK in the following equation?
I do feel it's quite hard to understand the following equation if you combine the per-AP MLD PTK and per-SMD PTK mode into one equation. How about splitting it into two different equations?
PTK [|| SMD_KDK] = KDF-HASH-NNN(XXKey, “EPPKE PTK Derivation”, SPA || BSSID || DHss [|| SMD_ID])
where
XXKey is the SMD_KDK if the non-AP MLD is associated to an SMD-ME in Per-AP MLD PTK mode and the PTK is not being derived at the time of (re)association to the SMD-ME. Otherwise, XXKey is the pairwise master key for the base AKMP.
SPA is the MAC address of the non-AP STA, or for MLO the non-AP MLD MAC address.
AA is the BSSID, or for MLO the AP MLD MAC address.
DHss is the shared secret derived from the PASN ephemeral key exchange or from the SMD BSS transition preparation procedure (37.15.5 (SMD BSS transition preparation procedure)), encoded as an octet string (12.4.7.2.2 (Integer to octet string conversion)).
KDF-HASH-NNN is the key derivation function defined in 12.7.1.6.2 (Key derivation function (KDF)) using the hash algorithm defined for the base AKMP; see Table 9-208 (AKM suite selectors). When the base AKMP is EPPKE AKMP, the hash algorithm is selected based on the pairwise Cipher Suite provided in the RSNE provided by the AP in the second EPPKE frame. SHA-256 is used as the hash algorithm, except for the ciphers 00-0F-AC:9 and 00-0F-AC:10 for which SHA-384 is used.
NNN is equal to KCK_bits + KEK_bits + TK_bits + KDK_bits + SMD_KDK_bits. SMD_KDK_bits is equal to PMK_bits when the PTK is derived at the time of (re)association to an SMD using Per-AP MLD PTK mode, and is zero otherwise.
SMD_ID is the SMD identifier; it is included if the non-AP MLD is (re)associating to, or already associated with, an SMD-ME (in which case SMD_ID is the SMD identifier of that SMD-ME), and is not included otherwise.
Thanks
Best Regards
Jay Yang (杨志杰)
To unsubscribe from the STDS-802-11-TGBN list, click the following link: https://listserv.ieee.org/cgi-bin/wa?SUBED1=STDS-802-11-TGBN&A=1
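The cases that the proposed equation in the message above folds into one line, written out as an added example (not part of the thread or of the 802.11bn draft). The KDF follows the iterated-HMAC construction of 12.7.1.6.2 with a 16-bit little-endian counter and length; the key lengths, the SMD_ID encoding, the function and flag names, and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumed key lengths in bits; real values depend on the negotiated AKMP and cipher.
KCK_BITS, KEK_BITS, TK_BITS, KDK_BITS, PMK_BITS = 128, 128, 128, 256, 256
LABEL = b"EPPKE PTK Derivation"


def kdf_hash(key, label, context, bits, hash_name="sha256"):
    """Iterated-HMAC KDF: HMAC(key, i || label || context || length), i = 1..n."""
    digest_bits = hashlib.new(hash_name).digest_size * 8
    out = b""
    for i in range(1, (bits + digest_bits - 1) // digest_bits + 1):
        msg = i.to_bytes(2, "little") + label + context + bits.to_bytes(2, "little")
        out += hmac.new(key, msg, hash_name).digest()
    return out[: bits // 8]  # every length used here is a whole number of octets


def derive(pmk, spa, aa, dhss, smd_id=None, per_ap_mld=False,
           at_association=False, smd_kdk=None):
    """Return (ptk, new_smd_kdk); new_smd_kdk is None when none is derived."""
    in_smd = smd_id is not None
    if in_smd and per_ap_mld and not at_association:
        # Roam or PTK rekey: the existing SMD_KDK is an input only (right side).
        if smd_kdk is None:
            raise ValueError("existing SMD_KDK required for roam/rekey")
        xxkey, smd_kdk_bits = smd_kdk, 0
    else:
        # Otherwise XXKey is the PMK; SMD_KDK is an output only at
        # (re)association in Per-AP MLD PTK mode (left side).
        xxkey = pmk
        smd_kdk_bits = PMK_BITS if (in_smd and per_ap_mld) else 0
    ptk_bits = KCK_BITS + KEK_BITS + TK_BITS + KDK_BITS
    context = spa + aa + dhss + (smd_id if in_smd else b"")
    okm = kdf_hash(xxkey, LABEL, context, ptk_bits + smd_kdk_bits)
    ptk, tail = okm[: ptk_bits // 8], okm[ptk_bits // 8:]
    return ptk, (tail or None)


# Constructed sample inputs (not taken from any real exchange).
PMK = bytes(range(32))
SPA, AP1, AP2 = (bytes.fromhex(h) for h in ("020000000001", "020000000a01", "020000000a02"))
SMD_ID = bytes.fromhex("020000000f01")  # assumed 6-octet encoding
DH1, DH2 = b"\x11" * 32, b"\x22" * 32

ASSOC = derive(PMK, SPA, AP1, DH1, SMD_ID, per_ap_mld=True, at_association=True)
ROAM = derive(PMK, SPA, AP2, DH2, SMD_ID, per_ap_mld=True, smd_kdk=ASSOC[1])
PER_SMD = derive(PMK, SPA, AP1, DH1, SMD_ID, per_ap_mld=False)
```

Because NNN is part of the KDF input, the PTK obtained at (re)association in Per-AP MLD PTK mode differs from the Per-SMD PTK mode result even when the key and context are identical.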
Hi all
I have uploaded 26/0426r0 containing draft resolutions for the CIDs I was assigned on Per-AP MLD PTK and some roaming security topics. (Also attached for reference.) https://mentor.ieee.org/802.11/dcn/26/11-26-0426-00-00bn-lb291-mac-crs-for-st-per-ap-mld-ptk.docx
I would appreciate review and feedback, either on this thread or directly to me.
This covers around 50 CIDs: 4164, 4171, 4403, 4478, 4479, 4806, 4807, 5007, 5445, 5599, 5638, 5752, 6147, 6267, 6268, 6269, 6272, 6274, 6275, 6366, 6367, 6370, 6371, 6552, 6852, 6853, 6907, 7008, 7490, 9593, 9597, 10409, 10414, 11139, 11351, 11352, 11356, 11360, 12030, 12163, 12349, 12375, 12382, 12404, 12407, 12408, 12417, 12427
Thanks
Thomas