P802.1AEbt Preliminary Draft PAR and 5 Criteria
===============================================

A preliminary draft of the proposed P802.1AEbt amendment, showing the nature and extent of changes that might result from the project, is at:

http://www.ieee802.org/1/files/public/docs2011/new-seaman-1AEbt-extended-packet-numbering-1111-v03.pdf

--------------------------- P802.1AEbt Preliminary Draft PAR and 5 Criteria, omitting some boiler-plate fields ------------

P802.1AEbt
Type of Project: Amendment to IEEE Standard 802.1AE-2006
Status: Unapproved PAR, PAR for an Amendment to an existing IEEE Standard

1.1 Project Number: P802.1AEbt
1.2 Type of Document: Standard
1.3 Life Cycle: Full Use

2.1 Title: Standard for Local and Metropolitan Area Networks---Media Access Control (MAC) Security Amendment: Extended Packet Numbering

4.1 Type of Ballot: Individual
4.2 Expected Date of submission of draft to the IEEE-SA for Initial Sponsor Ballot: 11/2012
4.3 Projected Completion Date for Submittal to RevCom: 03/2013

5.1 Approximate number of people expected to be actively involved in the development of this project: 10

5.2 Scope: This standard specifies the optional use of AES-128 and AES-256 GCM (Galois Counter Mode) Cipher Suites that make use of a 64-bit PN (packet number) as part of their IV (Initial Value) parameter while retaining the existing MACsec frame format by continuing to communicate only the least significant 32 bits of the PN in the SecTAG.

5.3 Is the completion of this standard dependent upon the completion of another standard: No
If yes please explain:

5.4 Purpose: This standard specifies the optional use of Cipher Suites that make use of a 64-bit PN to allow more than 2**32 packets to be sent with a single Secure Association Key.

5.5 Need for the Project: At very high speeds (100 Gb/s and above) the existing MACsec Cipher Suites can exhaust an SAK, thus demanding rekeying, at a rate (~9 seconds for full utilization with minimum Ethernet frame sizes at 400 Gb/s) that may conflict with some organizations’ security policies and allow inadequate time for in-service software upgrades that temporarily suspend key agreement protocol operation. There is significant broad interest in the use of MACsec at these speeds and a desire to address these issues while retaining a high degree of compatibility with existing implementations and deployment.

5.6 Stakeholders for the Standard: Developers and users of networking equipment.

Intellectual Property

6.1.a. Is the Sponsor aware of any copyright permissions needed for this project?: No
6.1.b. Is the Sponsor aware of possible registration activity related to this project?: No

7.1 Are there other standards or projects with a similar scope?: No
If Yes please explain:

7.2 Joint Development
Is it the intent to develop this document jointly with another organization?: No

Five Criteria for 802.1AEbt – Media Access Control (MAC) Security Amendment: Extended Packet Numbering

1. Broad Market Potential

a. Broad sets of applicability
This amendment is applicable to all networks that are currently using or planning to use MACsec. The addition of these Cipher Suites will continue the appeal and applicability of IEEE 802.1AE for customers deploying or planning use of the fastest LAN technologies.

b. Multiple vendors and numerous users
A number of major equipment providers have indicated support for this amendment.

c. Balanced costs (LAN versus attached stations)
There is no imbalance of cost created by this amendment.

2. Compatibility

This amendment fits within the framework of IEEE 802.1AE-2006 without changes to the frame formats. Implementations that conform to the existing standard will remain conformant.
A definition of managed objects is already included in the base standard and will be retained with little (if any) extension, as it already provides for the addition of new Cipher Suites without changes to the MIB.

3. Distinct Identity

a. Substantially different from other IEEE 802 standards
IEEE 802.1AE is already a recognized and established standard.

b. One unique solution per problem (not two solutions to a problem)
This project enhances IEEE 802.1AE to meet emerging and additional needs; it does not duplicate existing capabilities.

c. Easy for the document reader to select the relevant specification
IEEE Std 802.1AE is already an established reference for MAC Security.

4. Technical Feasibility

a. Demonstrated system feasibility
The characteristics of the GCM-AES family of cipher suites are already well known. IEEE 802.1AE was one of the first vehicles for this technology. Extended packet numbering techniques similar to that proposed for this amendment have already been deployed for IP security.

b. Proven technology, reasonable testing
Technology for testing cryptographic modes of operation is well advanced.

c. Confidence in reliability
GCM-AES has been adopted by NIST. Extended packet numbering techniques have been used for other purposes. This project is expected to pose no new reliability challenges.

d. Coexistence of 802 wireless standards specifying devices for unlicensed operation
Not applicable.

5. Economic Feasibility

a. Known cost factors, reliable data
The economic factors for adoption of this technology outweigh the estimated costs of implementing the solution.

b. Reasonable cost for performance
The economic factors for adoption of this technology outweigh the estimated costs of implementing the solution.

c. Consideration of installation costs
The economic factors for adoption of this technology outweigh the estimated costs of implementing the solution.
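
The mechanism in 5.2 Scope and the rekeying rate in 5.5 Need, worked through as an added example that is not part of the PAR or of the draft amendment. The per-frame overhead figures and the nearest-candidate recovery rule are assumptions chosen for illustration, and all function names are hypothetical.

```python
# Added example: constructed values, not code from the P802.1AEbt draft.
MASK32 = 0xFFFFFFFF

def sak_lifetime_seconds(link_bps, pn_bits, frame=64, macsec=24, wire=20):
    """Seconds until the PN space of one SAK is used up at full line rate.

    Assumed sizes in bytes: 64 minimum frame, 24 MACsec overhead
    (8 SecTAG + 16 ICV), 20 preamble plus inter-frame gap.
    """
    bits_per_frame = (frame + macsec + wire) * 8
    return (2 ** pn_bits) * bits_per_frame / link_bps

def sectag_pn(pn64):
    """Sender side: only the least significant 32 bits go on the wire."""
    return pn64 & MASK32

def recover_pn(low32, expected_pn):
    """Receiver side: rebuild the 64-bit PN from the 32 bits in the SecTAG.

    Assumed rule: of the 64-bit values ending in low32, take the one
    closest to the PN the receiver expects next. A wrong guess yields a
    wrong IV, so integrity verification of that frame fails.
    """
    base = (expected_pn & ~MASK32) | low32
    candidates = [c for c in (base - 2**32, base, base + 2**32)
                  if 0 <= c < 2**64]
    return min(candidates, key=lambda c: abs(c - expected_pn))

def roundtrip(start_pn, count):
    """Send count in-order frames from start_pn; True if all PNs recover."""
    expected = start_pn
    for pn in range(start_pn, start_pn + count):
        got = recover_pn(sectag_pn(pn), expected)
        if got != pn:
            return False
        expected = got + 1
    return True

if __name__ == "__main__":
    for bits in (32, 64):
        secs = sak_lifetime_seconds(400e9, bits)
        print(f"{bits}-bit PN at 400 Gb/s: {secs:.3g} s")
    print("crosses 2**32:", roundtrip(2**32 - 3, 8))
```

With these assumed frame sizes the 32-bit case comes out close to the ~9 seconds quoted in 5.5, and the round trip shows the wire format staying at 32 bits while the PN passes 2**32.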