Enabling roaming / 802.11r functionality

Yes, clients do that. That was a reason why I was sceptical about usage. The clients won’t roam unless they scan for new APs, and they do that only if the signal level is under some threshold. On most devices this threshold is set to a level that is pretty much the same as “barely connected”. This means that the device won’t scan for a new AP until the old AP is almost not accessible. That prevents it from roaming. You can change these limits (at least on Linux you can), but that introduces windows of poor performance because the wifi is retuned to various frequencies to do the scan, and that greatly decreases throughput. You can see that situation on my slides, on the graphs right before the client roams (in both, before and around the tenth second). Comparing it to the roam improvement between APs, it is more significant. The interesting measurement is below the resolution of what I was able to get from iperf, but where without 802.11r a roam took around 200ms, with it enabled it took not much less than 100ms. Comparing it to the 2-3s of poor performance accounting for every scan, it is clear that 802.11r on its own is not that beneficial.

The industrial solution is for a central controller to disconnect the client from the AP, which forces the user to roam to a different AP, at least to my limited knowledge. A probably better and cleaner solution is 802.11v, which should allow the network to inform clients about possible APs without the need for periodic scans. Unfortunately I have had no time to play with that yet. I also suspect that support for that standard is going to be even worse than for 802.11r.

Yes, and it was the 12th of June, so just about a month before that vulnerability, if I remember correctly. Any additional tests were delayed afterwards.

I haven’t found one. I suspect that it was evaluated as either an impractical form of attack or as a variant of a brute-force attack on the full EAPOL handshake. To my knowledge a fix is not possible. All clients not supporting WPA3 are hashing the PMKID field with SHA-1.

You want a long password with high randomness. It does not matter if you use special signs or not. The important point is high randomness and length.

2 Likes
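
An added example, not part of the original post: a sketch of the password advice above, showing that length and uniform randomness set the strength of a passphrase, with or without special characters. The 128-bit target and the function names are assumptions chosen for illustration; the 8 to 63 character limits are the WPA2-PSK passphrase bounds.

```python
import math
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a passphrase whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def length_for(alphabet_size: int, target_bits: float) -> int:
    """Shortest length that reaches target_bits with an alphabet of this size."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_passphrase(alphabet: str, target_bits: float = 128) -> str:
    """Generate a random passphrase of at least target_bits (assumed default: 128)."""
    symbols = sorted(set(alphabet))  # duplicates would skew the distribution
    if len(symbols) < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    length = max(WPA_MIN_LEN, length_for(len(symbols), target_bits))
    if length > WPA_MAX_LEN:
        raise ValueError("target not reachable within 63 characters")
    # secrets uses the OS CSPRNG; random.choice() is not suitable here.
    return "".join(secrets.choice(symbols) for _ in range(length))


if __name__ == "__main__":
    alphabets = {
        "lowercase only": string.ascii_lowercase,
        "letters + digits": string.ascii_letters + string.digits,
        "all printable": string.ascii_letters + string.digits + string.punctuation,
    }
    for name, alphabet in alphabets.items():
        p = generate_passphrase(alphabet)
        bits = entropy_bits(len(set(alphabet)), len(p))
        print(f"{name:17} len={len(p):2} bits={bits:6.1f}  {p}")
    # A short "complex" password is weaker than a longer simple one:
    print(entropy_bits(94, 10), "<", entropy_bits(26, 20))
```

The entropy figures only hold for machine-generated passphrases; a human-chosen phrase of the same length has far less.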