[172598] in North American Network Operators' Group
Re: MACsec SFP
daemon@ATHENA.MIT.EDU (Randy Bush)
Wed Jun 25 01:25:38 2014
X-Original-To: nanog@nanog.org
Date: Wed, 25 Jun 2014 14:23:08 +0900
From: Randy Bush <randy@psg.com>
To: Christopher Morrow <morrowc.lists@gmail.com>
In-Reply-To: <CAL9jLaaom3yN5JBMgkpDd6upzFxnQPC8u=_kWsO11ssLv_4=nA@mail.gmail.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
>> i have always been fond of rfc 4808 and not the unnecessarily complex
>> alternatives such as tcp-ao.
> sure... but to do this you have to be able to program the keys from
> the platform the SFP is plugged into.. .not via the sfp itself
> (outside the chassis)
i was advocating the general method, prepping key roll, not the
particular use in md5 tcp
randy
