Hacker News
by kevinday 960 days ago
WPA3-only is mandatory if you want to use 6GHz frequencies though. At least for the gear we use, that means if you want 6GHz you either must only have devices that support WPA3 or you have to use a separate SSID for 6GHz clients to use. Fallback to WPA2 isn’t permitted.

I appreciate the sentiment, but new devices being sold that still don’t support WPA3 means the adoption of 6GHz is going to be a very slow process.

More info here since this is surprising to many: https://www.extremenetworks.com/resources/blogs/wireless-sec...


> I appreciate the sentiment, but new devices being sold that still don’t support WPA3 means the adoption of 6GHz is going to be a very slow process.

No, it just means the adoption of WPA3 is going to happen at the same speed as 6 GHz. The point is that every device that supports 6 GHz has to support WPA3. It's not like you could do 6 GHz on your Raspberry Pi but lack of WPA3 blocks you from it.

There’s a nuance that I didn’t explain well. WPA2 and 6GHz clients can’t exist together on the same SSID. According to the specification, if you enable 6GHz, the whole network becomes exclusively WPA3. If you enable WPA2, that SSID can’t speak 6GHz. Having new non-WPA3 devices being sold is going to really slow down the adoption of 6GHz, because they can’t coexist. You can’t band steer 6GHz clients to a preferred 6GHz-compatible WPA3-only network; it’s up to the user to pick the right SSID.
This is a draconian reading of the standard which I think no reasonable person would agree with.

If this is about 12.12.2, then it refers exclusively to the 6GHz STA, and not "to the entire network", which on Wi-Fi is a very loosely defined concept (same BSS? same ESS? already the standard forces different channels to use different BSSIDs).

Nothing prevents the 6 GHz AP's SSID from "coincidentally" being the same as the 2.5/5GHz AP. In fact, this is exactly how a/n works now: even though initially it was common for 5GHz STAs to operate on a different SSID, no one bothers to check, and nowadays I can barely find a consumer/business AP that _by default_ still keeps separate SSIDs for both 2.5 and 5.

While I can find APs that today by default give different SSIDs to 2.5/5 and 6 (oh, the irony), I have not found any that would prevent me from setting the same SSID to all; and some APs I have already set the same SSID to 2.5/5/6 by default. These all have the Wi-Fi logo.

> You can’t band steer 6GHz clients to a preferred 6GHz compatible WPA3 only network, it’s up to the user to pick the right SSID.

You have never been able to truly band steer clients since this is at the client's discretion. Even if you give everything the same SSID, the client may choose to prefer the 2.4GHz band instead -- this is also one of the reasons it was common to give both of them a different SSID early on, so that users could force 5GHz.

When commercial routers "band steer" they simply prevent the client from associating to the lower bands (by e.g. hackishly not responding to probes at that band), thereby leaving the client with only one choice: the band you want.

Is that strictly true? Isn't there a whole transitional specification which allows clients to connect the same SSID with either WPA2 or WPA3?
Yes, but you can’t use it if you enable 6 GHz according to the 6E specification.
But, here in the real world, you can. I know this because I do on my Netgear 6E WAPs.
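The "transition mode" the two comments above argue about is visible on the air: a WPA2/WPA3 transition BSS advertises both the PSK and the SAE AKM suites in the RSN information element of its beacons, while a WPA3-only BSS advertises SAE alone with management frame protection (PMF) required. The parser below is an added example, not code from anyone in this thread; it builds three constructed RSN IEs (not captured from any real network), classifies each as WPA2-only, transition or WPA3-only, and applies the 6 GHz rule as the thread describes it (SAE-only AKMs, PMF required, no TKIP). That `ok_for_6ghz` check is this example's own model of the rule for WPA-Personal AKMs only, not a citation of the standard's text, and the suite-type tables are deliberately limited to the common suites.

```python
"""Classify an 802.11 RSN IE as WPA2-only, WPA2/WPA3 transition or WPA3-only."""
import struct
from dataclasses import dataclass

RSN_ELEMENT_ID = 48            # IEEE 802.11 element ID for the RSN IE
IEEE_OUI = b"\x00\x0f\xac"     # OUI used by the standard cipher and AKM suites

# Suite type numbers under OUI 00-0F-AC; only the common ones are named here.
CIPHER_NAMES = {2: "TKIP", 4: "CCMP-128", 8: "GCMP-128", 9: "GCMP-256", 10: "CCMP-256"}
AKM_NAMES = {1: "802.1X", 2: "PSK", 5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}

MFPR = 1 << 6   # RSN Capabilities bit: Management Frame Protection Required
MFPC = 1 << 7   # RSN Capabilities bit: Management Frame Protection Capable


@dataclass
class RsnInfo:
    group_cipher: str
    pairwise_ciphers: list
    akms: list
    mfp_capable: bool
    mfp_required: bool

    @property
    def mode(self) -> str:
        """Judge the BSS security mode from the advertised AKM suites."""
        psk = any(a in ("PSK", "PSK-SHA256") for a in self.akms)
        sae = any(a in ("SAE", "FT-SAE") for a in self.akms)
        if psk and sae:
            return "WPA2/WPA3 transition"
        if sae:
            return "WPA3-only"
        if psk:
            return "WPA2-only"
        return "other"

    def ok_for_6ghz(self) -> bool:
        """6 GHz rule as modelled by this example (assumption, WPA-Personal only):
        SAE-only AKMs, PMF required, and no TKIP anywhere."""
        return (self.mode == "WPA3-only" and self.mfp_required
                and self.group_cipher != "TKIP"
                and "TKIP" not in self.pairwise_ciphers)


def _suite_name(raw: bytes, table: dict) -> str:
    """Decode a 4-byte suite selector (OUI + type) to a readable name."""
    if raw[:3] != IEEE_OUI:
        return "vendor:" + raw.hex()
    return table.get(raw[3], f"type:{raw[3]}")


def parse_rsn_ie(ie: bytes) -> RsnInfo:
    """Parse a raw RSN element (ID, length, body) as carried in a beacon or probe response."""
    if len(ie) < 2 or ie[0] != RSN_ELEMENT_ID or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError(f"unsupported RSN version {version}")
    off = 2
    group = _suite_name(body[off:off + 4], CIPHER_NAMES)
    off += 4
    (n_pair,) = struct.unpack_from("<H", body, off)
    off += 2
    pairwise = [_suite_name(body[off + 4 * i:off + 4 * i + 4], CIPHER_NAMES) for i in range(n_pair)]
    off += 4 * n_pair
    (n_akm,) = struct.unpack_from("<H", body, off)
    off += 2
    akms = [_suite_name(body[off + 4 * i:off + 4 * i + 4], AKM_NAMES) for i in range(n_akm)]
    off += 4 * n_akm
    caps = 0
    if off + 2 <= len(body):           # RSN Capabilities field is optional; PMKIDs etc. follow it
        (caps,) = struct.unpack_from("<H", body, off)
    return RsnInfo(group, pairwise, akms, bool(caps & MFPC), bool(caps & MFPR))


def build_rsn_ie(group: int, pairwise: list, akms: list, caps: int) -> bytes:
    """Build an RSN IE from suite type numbers; used only to construct the samples below."""
    body = struct.pack("<H", 1) + IEEE_OUI + bytes([group])
    body += struct.pack("<H", len(pairwise)) + b"".join(IEEE_OUI + bytes([t]) for t in pairwise)
    body += struct.pack("<H", len(akms)) + b"".join(IEEE_OUI + bytes([t]) for t in akms)
    body += struct.pack("<H", caps)
    return bytes([RSN_ELEMENT_ID, len(body)]) + body


# Constructed sample IEs for the three configurations discussed in the thread.
WPA2_ONLY_IE = build_rsn_ie(4, [4], [2], 0)            # CCMP, PSK only, no PMF
TRANSITION_IE = build_rsn_ie(4, [4], [2, 8], MFPC)     # CCMP, PSK + SAE, PMF optional
WPA3_ONLY_IE = build_rsn_ie(4, [4], [8], MFPC | MFPR)  # CCMP, SAE only, PMF required

if __name__ == "__main__":
    for label, ie in [("WPA2-only", WPA2_ONLY_IE), ("transition", TRANSITION_IE), ("WPA3-only", WPA3_ONLY_IE)]:
        info = parse_rsn_ie(ie)
        print(f"{label:11s} akms={info.akms} mode={info.mode!r} 6GHz-ok={info.ok_for_6ghz()}")
```

Feeding the RSN element from a real beacon (for example the bytes Wireshark shows under "RSN Information" in a capture) into `parse_rsn_ie` tells you whether an SSID is actually running transition mode, which is the quickest way to settle the "in the real world you can" question for a given access point.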
Sounds like a dumb spec?
Dumb spec? There are fundamental limits in this world. Some things are simply mutually exclusive. A dumb spec IMO would be a spec that does not acknowledge this.
A spec which uses a new frequency and still makes it impossible to co-exist with existing previous versions of the spec on other, different frequencies is fundamentally dumb.

It would be like if USB-C required any device with USB-C to not support any other USB types or specs. Seriously, what the hell!

And no, there is no practical reason for them to be mutually exclusive.

The single-threaded nature of WPA2 AES-CCMP-128 is the reason (in addition to not wanting to embed known weak security protocols). The higher speeds and later standardization of Wi-Fi 6E (as compared to Wi-Fi 6) made this, in my opinion, a reasonable trade-off.

For Wi-Fi to survive, it must bring improvements in security protocols /and/ user experience (speed, coverage, and ease of setup). While I agree that security configuration should ideally not be tied to the physical characteristics of the link, security tends to lag, and the driver is user experience. So, if we want to have a high baseline of security, we have to tie it to the driver, the craving for a better user experience (higher speed and better spectrum utilization).

Good standards make trade-offs in the right places (both in time and space). Dumb standards miss the goal. I cannot say that this is a dumb standard when it is evident that trade-offs have to be made. Using WPA2 would have impacted cost of equipment, performance and security negatively.

That's the sort of thing that gets put into specs, is completely ignored by everybody except the handful of companies that pushed to get it into the spec in the first place, and eventually generates enough market pressure that even they start to ignore it.

I can understand a desire to kill WPA2 (and I can make some guesses about some maybe less noble motives)... but the WiFi standards can't effectively mandate things the market won't accept. Little trademarked "certified" logos and whatnot end up losing out to "it actually works". Generating pain in the process.

Are there even computers with 6GHz but no WPA3 if "WPA3 or bust" is part of the 6GHz spec as you said?

Sounds to me like if something doesn't support WPA3, it also doesn't support 6GHz which makes the point moot.

The problem is that if you enable 6GHz on an existing 2.4/5 GHz SSID, you immediately kick off all WPA2 devices. So you have to create a unique SSID for 6GHz devices to use, which is kinda confusing to end users.
It also makes it harder to roam between 6/5/2.4 networks.