Mike, 802.1AE (MACsec) key management is specified in 802.1X-rev2 (2010).
Hesham -----Original Message----- From: Anima [mailto:anima-boun...@ietf.org] On Behalf Of Michael Richardson Sent: Monday, March 27, 2017 12:32 PM To: anima@ietf.org Subject: [Anima] key management for MACsec Reading 802.1AE-2006, I did not see any key management protocol for MACsec. I was thinking before that maybe we could write a MACsec key agreement mechanism in IKEv2. I am now informed of 802.1Xbx-2014: Amendment 1: MAC Security Key Agreement Protocol (MKA) Extensions but, I see that it's really an amendment to 802.1X, which I am fetching now. My thought was that if there *wasn't* a key agreement protocol for MACsec, that one could use IKEv2, and could propose a) MACsec, b) IPv6-over-IPsec, c) GRE-over-IPsec, and let the normal IKEv2 process select which is supported. But, if MACsec already has a key agreement protocol, that would be superfluous. -- Michael Richardson <mcr+i...@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =- _______________________________________________ Anima mailing list Anima@ietf.org https://www.ietf.org/mailman/listinfo/anima