Talk: "MACsec: encryption for the wired LAN" (Sabrina Dubroca)


MACsec, or IEEE 802.1AE, is an encryption standard for wired LANs. It can also secure VLANs, protect DHCP traffic, prevent tampering on ethernet headers, on real devices or over VXLAN. It can be used on its own, or rely on 802.1X for authentication and key distribution via the MACsec Key Agreement (MKA) extension.

In a cloud setting, MACsec over VXLAN could allow encryption to be performed by the tenants themselves instead of relying on the provider's hypervisor.

This talk will give an overview of MACsec, present some use cases, describe MACsec's proposed implementation for the Linux kernel, and areas of future work.