On 25-06-14 22:17, John Schiel wrote:
Would be nice if we knew what the protocol was that communicated this
information down to the SFP and would also be nice if that was an open
protocol subject to review. UDP something? is my guess but ow do those
messages look?
I'm new to the MACsec idea but I would hope we could watch for such
key exchange traversing the wire and have some method to ignore
spurious messages and keys that may lock up a valid, working SFP.
It hasn't been decided yet. For our current portfolio of managed device
we use a proprietary layer-2 protocol, and offer a network management
module that can be integrated into a network management system, a smart
device gateway with SNMP support, and an integrated network management
in Creanord's EchoVault system. Layer-3 management support is under
investigation. Obviously, any key communication over the line would be
encrypted, but what security system will be used will depend greatly on
the chosen communication protocol. This will in part depend on the
customer feedback I get, which currently range from our current layer-2
solution to a web interface to a CLI. If we go layer-3, we'll probably
use a standard like SSL/TLS for web pages, and SSH for CLI.
Kind regards,
Pieter Hulshoff