Requested revision
Standard: | 802.1X | Clause: | 9 |
Clause title: | MACsec Key Agreement Protocol (MKA) |
Rationale for revision
An interoperability issue has been reported with respect to use of the
Latest and Old SAK information fields in MKPDUs. While SAK rollover
operates correctly the existing standard is inconsistent as to when
"Latest" should be moved to "Old" in anticipation of reuse of the
"Latest" field for a further SAK. This means that implementations may
miss the pending PN exhaustion condition through monitoring a currently
unused field.
The issue, discussed in the Security TG, is described in:
http://www.ieee802.org/1/files/public/docs2017/xck-seaman-mka-pn-exhaustion-0917-v1.pdf
Proposed text
Specific changes in strikeout/insert form appropriate to an amendment are shown in:
http://www.ieee802.org/1/files/public/docs2017/xck-seaman-mka-pn-exhaustion-0917-v1.pdf
It is suggested that this maintenance item be handled in P802.1Xck.
Impact on existing networks
No impact to existing networks other than facilitating interoperability
between new implementations of the revised standard and implementations
that have interpreted the existing standard in either possible way.
Originator
Name: | Mick Seaman | Email: | mickseaman@gmail.com |
Affiliation: | Mick Seaman | ||
Submitted: | 2017-10-04 |