Requested revision
Standard: | 802.1X | Clause: | 9 |
Clause title: | MACsec Key Agreement Protocol (MKA) |
Rationale for revision
When using XPN Cipher Suites the CP state machine transition from READY
to TRANSMIT
cannot be taken by a non-Key Server CA member unless the SCI to SSCI
mapping is known, which
will not be the case unless that CA member has received from all the others.
Proposed text
The Key Server should order (in SSCI order) the MIs in its Live Peer
List in each MKPDU
used to distribute an SAK. The MKA Version Identifier should be changed
to 3 so
that recipients can know that has been done. No other change is
necessary so the rest of
the MKPDU will appear entirely unchanged from the point of view of an
existing system.
Full details of necessary text change are in:
http://www.ieee802.org/1/files/public/docs2016/ck-seaman-ssci-maintenance0716v01.pdf
Impact on existing networks
No impact on an existing conformant system. Effectiveness of change
depends on Key Server
adopting the change (MKA Version Identifier 3), the change will benefit
any other Version
3 member (even if Version 2 or Version 1 members are in the CA) and will
have no effect
on those Version 2 and 1 members.
Originator
Name: | Mick Seaman | Email: | mickseaman@gmail.com |
Affiliation: | Mick Seaman | ||
Submitted: | 2016-07-26 |