802.11i and WEP
Last Post: October 19, 2006:
802.11i states:
-------------------
The cipher suite selectors 00-0F-AC:1 (WEP-40) and 00-0F-AC:5 (WEP-104) are only valid as a group
cipher suite in a transition security network (TSN) to allow pre-RSNA devices to join the BSS.
Use of CCMP as the group cipher suite with TKIP as the pairwise cipher suite shall not be supported.
NOTE—If the STAs can support CCMP, then there is no need for a weaker data confidentiality protocol.
The cipher suite selector 00-0F-AC:0 (Use group cipher suite) is only valid as the pairwise cipher suite. An
AP may specify the selector 00-0F-AC:0 (Use group cipher suite) for a pairwise cipher suite if it does not
support any pairwise cipher suites. If an AP specifies 00-0F-AC:0 (Use group cipher suite) as the pairwise
cipher selection, this shall be the only pairwise cipher selection the AP advertises.
-----------------------
What I can't understand is the reason why the standard does not allow using a WEP group key together with WEP, TKIP, or CCMP pairwise keys. What the standard allows is to use the same WEP key for broadcast/multicast and unicast traffic. Wouldn't it be more logical (I am talking about a transition security network) to distribute the same WEP group key to all STAs (which would be the default WEP key used by all pre-RSNA STAs), and to allow STAs to choose between WEP, TKIP or CCMP as pairwise keys? After all, a STA could implement 802.1X/EAP without implementing TKIP/CCMP, and in that case it would choose to derive a dynamic WEP key from the PMK.
I hope I have explained myself well.
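
The selector rules in the quoted 802.11i text, as an added example that is not part of the original post: a Python check of the group and pairwise cipher suites advertised in an RSN element, run against the combination proposed above and against the combinations the quoted text permits. The function names and sample elements are constructed for illustration; only the version, group suite and pairwise list are parsed, and only the rules quoted above are checked.

```python
import struct

OUI = bytes.fromhex("000fac")  # cipher suite OUI from the quoted text (00-0F-AC)
NAMES = {0: "USE-GROUP", 1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
WEP = {"WEP-40", "WEP-104"}

def _suite(sel: bytes) -> str:
    # A selector is a 3-byte OUI followed by a 1-byte suite type
    return NAMES.get(sel[3], f"unknown:{sel[3]}") if sel[:3] == OUI else f"vendor:{sel.hex()}"

def build_rsn_ie(group: int, pairwise: list) -> bytes:
    # Constructed sample data: version 1, group suite, pairwise list (AKM/capabilities omitted)
    body = struct.pack("<H", 1) + OUI + bytes([group]) + struct.pack("<H", len(pairwise))
    body += b"".join(OUI + bytes([p]) for p in pairwise)
    return bytes([48, len(body)]) + body

def parse_rsn_ie(ie: bytes):
    # Returns (group, [pairwise, ...]) from a raw RSN element (element ID 48)
    if len(ie) < 10 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    version, count = struct.unpack_from("<H", body, 0)[0], struct.unpack_from("<H", body, 6)[0]
    if version != 1 or len(body) < 8 + 4 * count:
        raise ValueError("unsupported version or truncated pairwise list")
    return _suite(body[2:6]), [_suite(body[i:i + 4]) for i in range(8, 8 + 4 * count, 4)]

def check_suites(group: str, pairwise: list) -> list:
    # Only the rules in the quoted 802.11i text are checked
    problems = []
    if group == "USE-GROUP":
        problems.append("00-0F-AC:0 is only valid as the pairwise cipher suite")
    problems += [f"{p} is only valid as a group cipher suite" for p in pairwise if p in WEP]
    if group == "CCMP" and "TKIP" in pairwise:
        problems.append("CCMP group with TKIP pairwise shall not be supported")
    if "USE-GROUP" in pairwise and len(pairwise) > 1:
        problems.append("00-0F-AC:0 must be the only pairwise cipher selection")
    return problems

if __name__ == "__main__":
    samples = {  # constructed RSN elements, not captured traffic
        "proposed: WEP-104 group, WEP-104/TKIP/CCMP pairwise": build_rsn_ie(5, [5, 2, 4]),
        "TSN: WEP-104 group, TKIP/CCMP pairwise": build_rsn_ie(5, [2, 4]),
        "WEP-104 group, pairwise = use group cipher": build_rsn_ie(5, [0]),
    }
    for label, ie in samples.items():
        print(label, "->", check_suites(*parse_rsn_ie(ie)) or "no rule violated")
```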