Thread Links Date Links
Thread Prev Thread Next Thread Index Date Prev Date Next Date Index

Re: [802.3_NGECDC] Single twisted pair, 1km CFI slide review



Title: Standard
Absolutely.  Just like 802.3ah was directed to 802.1 to create MACsec, any security work coming out of this CFI may result in the need for 802.1 to do work.  I would think it is incumbent on 802.3 to inform 802.1 of new work that spills over to them.

Oh, wait, that happened with 802.1AEbw where the faster 802.3 PHY resulted in 802.1AE needing a larger counter.

On 03/02/2016 10:13 PM, Geoff Thompson wrote:
JB/Bob-

Encryption has been out of scope for 802.3 work for 35 years.
I see no compelling reason to change now.
It is not within the 802.3 skill set nor would be appropriate to bundle with a PHY project.

These considerations belong in 802.1

Best regards,

	Geoff Thompson


On Mar 2, 2016, at 5:48 PMPST, Joseph Byrne <joseph.byrne@xxxxxxx> wrote:

Robert,

For the reasons you supplied (speed and scalability) GCM is preferred. Moreover, MACsec is often implemented in the MAC. Deviating from accepted practice would mean either forcing the industry to always put it in the PHY or for MACs to support both versions. Neither is acceptable, especially in light of the acceptance GCM has garnered since the days of 11i. Moreover, I think predicating 1000Base-T1 on developing a new MACsec standard would slow the process of developing -T1.

JB

-----Original Message-----
From: Robert Moskowitz [mailto:rgm@xxxxxxxxxxxxxxxxxxxx] 
Sent: Wednesday, March 02, 2016 5:00 PM
To: STDS-802-3-NGECDC@xxxxxxxxxxxxxxxxx
Subject: Re: [802.3_NGECDC] Single twisted pair, 1km CFI slide review

I will add one more item to consider, and that is security.

Security for 802.3 frames is provided by 802.1AE which specifies the AES GCM mode of operation.  GCM was specifically developed back for 802.3ah
(EPON) and is designed for fast, parallelizable operation. This is achieved at a cost to memory over CCM which was developed for 802.11i and is used in 802.15.4 as well.

An oft discussion is GCM or CCM, and in constrained environments, CCM typically wins.  As such this work should include a matching effort in
802.1 to add CCM to 802.1AE.

This is a first-level evaluation of the cost of security for LRE devices and more discussion and research will be needed.

--
Robert Moskowitz
Owner
HTT Consulting
C:      248-219-2059
F:      248-968-2824
E:      rgm@xxxxxxxxxxxxxxxxxxxx

There's no limit to what can be accomplished if it doesn't matter who gets the credit