Requested revision
Standard: | 802.1AE-2006 | Clause: | 13.6 |
Clause title: | Definitions for MAC Security MIB |
Rationale for revision
Confidentiality offset is set per cipher suite in secyCipherSuiteProtectionOffset. On the other hand, (1) ieee8021XKayMacSecConfidentialityOffset (802.1X-2010, 13.5) allows to set the offset per port, and (2) ieee8021XKayMacSecCapability’s value macSecCapability3 means that the port is capable in confidentiality with an offset 0, 30 or 50. If the offset is set in the cipher suite level, macSecCapability3 does not make sense and secyCipherSuiteProtectionOffset should not be writable.
Proposed text
Change the SYNTAX of secyCipherSuiteProtectionOffset to BITS, so it would describe what the suite is capable of, and use ieee8021XKayMacSecConfidentialityOffset to set the actual offset in use. Alternatively, if the offset is meant to be set in the suite level, both ieee8021XKayMacSecConfidentialityOffset and ieee8021XKayMacSecCapability are redundant and can be deprecated, or at least ieee8021XKayMacSecConfidentialityOffset should be read-only.
Impact on existing networks
Originator
Name: | Raphael Garti | Email: | raphael_g@rad.com |
Affiliation: | RAD Data Communications Ltd. | ||
Submitted: | 2015-05-12 |