Requested revision
Standard: | 802.1X | Clause: | 9 |
Clause title: | MACsec Key Agreement Protocol (MKA) |
Rationale for revision
When using XPN Cipher Suites the CP state machine transition from READY to TRANSMIT cannot be taken by a non-Key Server CA member unless the SCI to SSCI mapping is known, which will not be the case unless that CA member has received from all the others.
Proposed text
The Key Server should order (in SSCI order) the MIs in its Live Peer List in each MKPDU used to distribute an SAK. The MKA Version Identifier should be changed to 3 so that recipients can know that has been done. No other change is necessary so the rest of the MKPDU will appear entirely unchanged from the point of view of an existing system. Full details of necessary text change are in: http://www.ieee802.org/1/files/public/docs2016/ck-seaman-ssci-maintenance0716v01.pdf
Impact on existing networks
No impact on an existing conformant system. Effectiveness of change
depends on Key Server
adopting the change (MKA Version Identifier 3), the change will benefit
any other Version
3 member (even if Version 2 or Version 1 members are in the CA) and will
have no effect
on those Version 2 and 1 members.
Originator
Name: | Mick Seaman | Email: | mickseaman@gmail.com |
Affiliation: | Mick Seaman | ||
Submitted: | 2016-07-26 |