nanog mailing list archives
Re: MACsec SFP
From: Pieter Hulshoff <phulshof () aimvalley nl>
Date: Tue, 24 Jun 2014 15:59:31 +0200
On 24-6-2014 15:50, Christopher Morrow wrote:
On Tue, Jun 24, 2014 at 3:59 AM, Pieter Hulshoff <phulshof () aimvalley nl> wrote:features they should have. I'll then try to build a business case to get the product developed. MACsec is currently on the top of my own list, but I'll gladly pass other ideas to my colleagues.what would be your key management strategy for the macsec version? given press / etc over the last 18 or so months it seems like folk with long-haul ether framing might be very interested in macsec for those links and NOT doing it by sticking some switch platform between the 2 routed endpoints. management of key material (and rolling and...) is probably interesting for them as well.
Actually, that's part of the feature list I'm trying to put together. Not everyone is willing to put a complete key infrastructure together, and some even expressed interest in a simple unmanaged point-to-point solution. Let me share my current view (subject to change):
The first release will support 802.1X MKA using a pre-shared key. I'm still trying to decide if this key should be programmable, e.g. via I2C, or if we will simply sell paired devices with a unique pair-wise key programmed in the factory. MKA will automatically take care of the distribution of new MACsec keys.
Later releases may support 802.1X EAPOL device authentication, though exactly which EAP sub-protocols we will support is yet to be determined. As said: a lot depends on the answers I will get from potential customers, including people on this list.
Kind regards, Pieter Hulshoff
Current thread:
- Re: MACsec SFP, (continued)
- Re: MACsec SFP Saku Ytti (Jun 23)
- Re: MACsec SFP Andreas Larsen (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Jonathan Lassoff (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- RE: MACsec SFP Frank Bulk (iname.com) (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 23)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Saku Ytti (Jun 24)
- Re: MACsec SFP Christopher Morrow (Jun 24)
- Re: MACsec SFP Eric Flanery (eric) (Jun 24)
- Re: MACsec SFP Pieter Hulshoff (Jun 25)
- Re: MACsec SFP Eric Flanery (eric) (Jun 25)
- Re: MACsec SFP Saku Ytti (Jun 25)
- Re: MACsec SFP Tim Durack (Jun 25)