[172597] in North American Network Operators' Group
Re: MACsec SFP
daemon@ATHENA.MIT.EDU (Christopher Morrow)
Wed Jun 25 01:21:36 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <m2tx7ahrf1.wl%randy@psg.com>
Date: Wed, 25 Jun 2014 01:21:27 -0400
From: Christopher Morrow <morrowc.lists@gmail.com>
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Tue, Jun 24, 2014 at 6:30 PM, Randy Bush <randy@psg.com> wrote:
>>> Solution could be same as for tunable optics, first you tune with
>>> eeprommer until CLI gets support.
>>> Remote legs could have their own eeprommer, which can be easy enough
>>> to use not to require training and costs like 10EUR.
>> it's going to be hard to schedule a key roll then, right?
>
> i have always been fond of rfc 4808 and not the unnecessarily complex
> alternatives such as tcp-ao.
sure... but to do this you have to be able to program the keys from
the platform the SFP is plugged into.. .not via the sfp itself
(outside the chassis)
