nanog mailing list archives

Re: MACsec SFP


From: Christopher Morrow <morrowc.lists () gmail com>
Date: Tue, 24 Jun 2014 12:30:12 -0400

On Tue, Jun 24, 2014 at 12:07 PM, Saku Ytti <saku () ytti fi> wrote:
> On (2014-06-24 11:50 -0400), Christopher Morrow wrote:
>
>> Programmable seems like the way to go, provided there's a path to do
>> that in the cli of the device you plugged the SFP into? (which I think
>> is the hard part actually, right?)
>
> Solution could be same as for tunable optics, first you tune with eeprommer
> until CLI gets support.
> Remote legs could have their own eeprommer, which can be easy enough to use
> not to require training and costs like 10EUR.

it's going to be hard to schedule a key roll then, right? I would
expect that in most/many deployments where someone enters a 'key'
there has to be some compliance process that includes: "And you change
that key every X days" right? So you'll NOT want to be in a situation
that involves coordinating a few thousand truck rolls every X months
to have this deployed.

also, as soon as you give the remote-hands person a copy of your key
material and ask them to do the deed on the eepromer, you'll be buying
replacement eepromers/sticky-note-bundles for the remote-hands people
(or god forbid asking ${equinix-alike} to cleanse your key material
from their ticketing system).

> Maybe some customer would then enter need for this in CLI in their multimillion
> dollar RFQ, and then we'd get the feature.

maybe so... multi-million of sfp is a lot of sfp though.

