RSS feed
[Home] . [What's New?] . [Active Ballots] . [Minutes] . [Maintenance] . [Interpretations] . [Public Docs] . [Committee Docs]
[802 Architecture Group] . [Data Center Bridging Task Group] [Time-Sensitive Networking Task Group]
[Email] . [Ancient Email] . [Meetings] . [802.1 MIBs] . [802.1 OIDs] . [IEEE 802] . [IEEE 802 PARs]
[802] . [802a] . [802b] . [802.1D] . [802.1D-2004] . [802.1G] . [802.1H-REV] . [802.1Q] . [802.1Q-2014] . [802.1s] . [802.1v] . [802.1w] . [802.1AB-2005] . [802.1AB-2009] . [802.1AC] . [802.1AC-Rev] . [802.1ad] . [802.1ag] . [802.1ah] . [802.1aj] . [802.1ak] . [802.1ap] . [802.1aq] . [802.1Qaw] . [802.1AX] . [802.1Qay] . [802.1Qbc] . [802.1Qbe] . [802.1Qbf] . [802.1AXbk] . [802.1Qbp] . [802.1AX-Rev] . [802.1Qbz] . [802.1Qca] . [802.1Qcc]
Security: [802.1X-2001] . [802.1X-2004] . [802.1X-2010] . [802.1AE] . [802.1af] . [802.1AR] . [802.1AEbn] . [802.1AEbw] . [802.1Xbx] . OmniRAN: [802.1CF]
TSN: [802.1AS] . [802.1ASbt] . [802.1Qat] . [802.1Qav] . [802.1BA] . [802.1Qbu] . [802.1Qbv] . [802.1CB] . [802.1Qcc] . DCB: [802.1Qau] . [802.1Qaz] . [802.1Qbb] . [802.1Qbg] . [802.1Qbh] . [802.3bd] . [802.1BR] . [802.1Qcd]


802.1AEbw - MAC Security Amendment: Extended Packet Numbering

The full title of this PAR is "Standard for Local and Metropolitan Area Networks: Media Access Control (MAC) Security Amendment: Extended Packet Numbering".

This amendment specifies the optional use of AES-128 (Advanced Encryption Standard-128) and AES-256 GCM (Galois Counter Mode) Cipher Suites that make use of a 64-bit PN (packet number) as part of their IV (Initialization Vector) parameter while retaining the existing MACsec (Media Access Control security) frame format by continuing to communicate only the least significant 32 bits of the PN in the SecTAG (security tag).

This standard specifies the optional use of Cipher Suites that make use of a 64-bit PN to allow more than 2**32 packets to be sent with a single Secure Association Key.

At very high speeds (100 Gb/s and above) the existing MACsec Cipher Suites can exhaust an SAK (Security Association Key), thus demanding rekeying, at a rate (~9 seconds for full utilization with minimum Ethernet frame sizes at 400 Gb/s) that over-constrains implementation technology and does not allow adequate time for in-service software upgrades that temporarily suspend key agreement protocol operation. There is significant broad interest in the use of MACsec at these speeds and a desire to address these issues while retaining a high degree of compatibility with existing implementations and deployment.

Status
StatusPAR approved May 15th, 2012; Standard approved Feb 6th, 2013
EditorMick Seaman

Archive
DateDocument
07 May 2012802.1AEbw, Draft 0.6
08 May 2012802.1AEbw, Draft 0.7
09 May 2012802.1AEbw, Draft 0.8
20 Jun 2012802.1AEbw, Draft 0.8 proposed comment dispositions
29 Jun 2012802.1AEbw, Draft 1.0 with changebars
29 Jun 2012802.1AEbw, Draft 1.0
17 Jul 2012802.1AEbw, Draft 1.0 comment dispositions
29 Oct 2012802.1AEbw, Draft 1.1
30 Oct 2012802.1AEbw, Draft 1.0 proposed comment dispositions
02 Nov 2012802.1AEbw, Draft 1.1
12 Nov 2012802.1AEbw, Draft 1.0 comment dispositions
12 Nov 2012802.1AEbw, Draft 1.0 comment dispositions
15 Nov 2012802.1AEbw, Draft 1.1 proposed comment dispositions

Presentations
DateDocument
21 Feb 2012Presentation aebw-seaman-xpn-recovery-0212-v01

Pages copyright © Institute of Electrical and Electronics Engineers, Inc. Please read the rules on Confidentiality Statements and Copyright Notices on Communications. Information on Privacy and opting out of cookies is available. If you have any comments on these pages, please send them to me.

Valid XHTML 1.0 Transitional Valid CSS!

Last status: 0
Last modified by jlm, at 3:26PM on Fri, 18 Jul 2014