Toerless Eckert <[email protected]> wrote: > First of all, there is obviously an ability to filter out packets > NOT to encrypt. Otherwise you would have a lot of problems negotiating > the encryption keys. To the best of knowledge, what MUST be supported > in ethernet chips is such filtering based on ethertype because thats > whats being used also in 802.1x, the basic security architecture. See > ACP draft section A.10.2
Yes, but the key management packets can be packets that are "special"
at the MACsec level.
> Secondly, i was told (and this is where i have not tried to validate),
> that MacSec should equally be able to utilize multiple keypairs,
> probably mapped by VLAN or ethertype. But the question of course is
> whether you want/can expect that MACsec MIC chips have that feature.
The people in the line behind me did not agree.
--
Michael Richardson <[email protected]>, Sandelman Software Works
-= IPv6 IoT consulting =-
signature.asc
Description: PGP signature
_______________________________________________ Anima mailing list [email protected] https://www.ietf.org/mailman/listinfo/anima
