Re: [PATCH net-next v4 0/5] Add support for locked bridge ports (for 802.1X)

From: Jakub Kicinski
Date: Wed Feb 23 2022 - 11:20:34 EST

Next message: Maxim Levitsky: "Re: [PATCH v2 10/18] KVM: x86/mmu: load new PGD after the shadow MMU is initialized"
Previous message: Jason A. Donenfeld: "Re: [PATCH RFC v1 0/2] VM fork detection for RNG"
In reply to: Hans Schultz: "Re: [PATCH net-next v4 0/5] Add support for locked bridge ports (for 802.1X)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 23 Feb 2022 09:40:59 +0100 Hans Schultz wrote:
> > You still haven't answer my question. Is the data plane clear text in
> > the deployment you describe?
>
> Sorry, I didn't understand your question in the first instance. So as
> 802.1X is only about authentication/authorization, the port when opened
> for a host is like any other switch port and thus communication is in
> the clear.

Alright, thanks for clarifying!

> I have not looked much into macsec (but know ipsec), and that is a
> crypto (key) based connection mechanism, but that is a totally different
> ballgame, and I think it would for most practical cases require hardware
> encryption.

Next message: Maxim Levitsky: "Re: [PATCH v2 10/18] KVM: x86/mmu: load new PGD after the shadow MMU is initialized"
Previous message: Jason A. Donenfeld: "Re: [PATCH RFC v1 0/2] VM fork detection for RNG"
In reply to: Hans Schultz: "Re: [PATCH net-next v4 0/5] Add support for locked bridge ports (for 802.1X)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]