MACsec SFP

Christopher Morrow morrowc.lists at gmail.com
Tue Jun 24 17:32:04 UTC 2014


On Tue, Jun 24, 2014 at 1:19 PM, Saku Ytti <saku at ytti.fi> wrote:
> On (2014-06-24 12:30 -0400), Christopher Morrow wrote:
>
>> it's going to be hard to schedule a key roll then, right? I would
>> expect that in most/many deployments where someone enters a 'key'
>> there has to be some compliance process that includes: "And you change
>> that key every X days" right? So you'll NOT want to be in a situation
>> that involves coordinating a few thousand truck rolls every X months
>> to have this deployed.
>
> Hopefully you could offer a date when new keys take effect.

sure, 'use new key in 37.243 minutes!' I still have to coordinate
people showing up at all sites over N period of time to do this
programming, and I'm SURE that some set of the programmed devices will
get an l instead of a 1 ... so 'quick chuck, get in the truck!' is
going to be an oft-heard refrain ;(

Hand managing this just isn't feasible, I think.

>> > Maybe some customer would then enter need for this in CLI in their multimillion
>> > dollar RFQ, and then we'd get the feature.
>>
>> maybe so... multi-million of sfp is a lot of sfp though.
>
> Of course this would be for the equipment where the SFP sits; the SFP vendor
> can't solve this. But if you're making it mandatory in a router RFQ, it seems
> pretty much guaranteed vendors would comply, and the winning bid at least
> would implement it.

yes, I realized as I clicked 'send'... in any case :) the sfp
manufacturer likely has to decide on some way to program the sfp
(maybe there are already in-router/switch ways for other things like
this? like wavelength...) which all router/switch vendors have to also
agree to abide by.


