NOTE: This draft PAR is being considered at a time when IEEE 802's own rules for PARs, and particularly those referred to as 'criteria for standards development' (CSD), comprising the project process requirements and the '5C', are in a state of flux. This draft attempts to meet those criteria as set out in: https://mentor.ieee.org/802-ec/dcn/13/ec-13-0009-12-00EC-proposed-5c.pdf but should be examined carefully prior to submission, checking against the CSD current at that time.

------

Type of Project: Amendment to IEEE Standard 802.1AE
Status: PAR for an Amendment to an existing IEEE Standard 802.1AE-2006

1.1 Project Number: P802.1AEcg
1.2 Type of Document: Standard
1.3 Life Cycle: Full Use

2.1 Title: IEEE Standard for Local and Metropolitan Area Network - Media Access Control (MAC) Security - Amendment: Ethernet Data Encryption devices

5.2 Scope: This standard specifies the use of MACsec in two-port bridges that provide transparent secure connectivity to customer bridges and provider bridges while allowing provider network service selection and provider backbone network selection to occur as already specified in 802.1Q.

5.3 Is the completion of this standard dependent upon the completion of another standard: No

5.4 Purpose: See need.

5.5 Need for the Project: IEEE 802.1AE already specifies the use of MACsec in various interworking scenarios involving various types of bridging systems (e.g. Customer Bridges, Provider Bridges, and Provider Edge Bridges). However, it is also desirable to secure connectivity by adding separate bridging systems (Ethernet Data Encryption devices, EDEs) dedicated to that purpose and having minimal additional functionality. The desired secure connectivity can be achieved without removing existing network functionality (such as VID-based service selection) by using existing architectural components (as specified in 802.1AE, 802.1X, and 802.1Q). Such use needs to be documented in IEEE 802.1AE (specifically within Clause 11 MAC Security in Systems). To facilitate interoperability, additional Group Addresses need to be assigned to allow each EDE's 802.1X PAE (Port Access Entity) to communicate with its peer(s). These addresses do not have to be Reserved Addresses (as specified in 802.1Q Clause 8).

5.6 Stakeholders for the Standard: Developers and users of networking equipment.

Intellectual Property

6.1.a. Is the Sponsor aware of any copyright permissions needed for this project?: No
6.1.b. Is the Sponsor aware of possible registration activity related to this project?: No

7.1 Are there other standards or projects with a similar scope?: No

Criteria for standards development (CSD): Project process requirements for 802.1AEcg MAC Security - Amendment: Ethernet Data Encryption devices

1. Managed objects
Definition of managed objects in the form of an SNMP MIB is part of IEEE 802.1AE. If this amendment to IEEE 802.1AE results in changes that need to be accompanied by changes to the definition of managed objects, then those changes will be developed as part of this project.

2. Coexistence
This is not a wireless project, so a Coexistence Assurance (CA) document is not applicable.

Five Criteria for 802.1AEcg MAC Security - Amendment: Ethernet Data Encryption devices

1. Broad Market Potential

a. Broad sets of applicability
This amendment will support the use of MACsec in a number of scenarios deemed important by a number of significant users. In particular it will support requirements that have been identified during the development of the 'Ethernet Security Specification' (ESS) by the NSA.

b. Multiple vendors and numerous users
A number of major equipment providers have indicated support for this amendment. The amendment is being proposed to meet the desire of major users to be clearly IEEE 802.1AE conformant in the use of MACsec.

c. Balanced costs (LAN versus attached stations)
There is no imbalance of cost created by this amendment.

2. Compatibility
This will be in conformance with IEEE Std 802, IEEE Std 802.1AC, and IEEE 802.1Q. It will fit within the existing framework provided by IEEE 802.1AE-2006 and IEEE 802.1X-2010.

3. Distinct Identity

a. Substantially different from other IEEE 802 standards
IEEE 802.1AE is already a recognized and established standard.

b. One unique solution per problem (not two solutions to a problem)
This project enhances IEEE 802.1AE to meet expressed customer needs; it does not duplicate existing capabilities.

c. Easy for the document reader to select the relevant specification
IEEE Std 802.1AE is already the established reference for MACsec.

4. Technical Feasibility

a. Demonstrated system feasibility
No new system constructs are being added.

b. Proven technology, reasonable testing
Testing of these types of systems is well developed.

c. Confidence in reliability
Reliability should follow reliability standards and expectations set by existing bridges.

d. Coexistence of 802 wireless standards specifying devices for unlicensed operation
Not applicable.

5. Economic Feasibility

a. Known cost factors, reliable data
The economic factors for adoption of this technology outweigh the estimated costs of implementing the solution.

b. Reasonable cost for performance
Costs will be similar to those of existing bridging systems incorporating MACsec.

c. Consideration of installation costs
No differences expected. No changes in the installation practice are anticipated.