From 6c65fbc5f919546dcf539d30e527e754c622a6ae Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 21 May 2020 10:50:11 +0200
Subject: macsec: initial documentation

Thank you Bootlin for the absract!
https://bootlin.com/blog/network-traffic-encryption-in-linux-using-macsec-and-hardware-offloading/
---
 docs/interfaces/advanced-index.rst |  1 +
 docs/interfaces/macsec.rst         | 23 +++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 docs/interfaces/macsec.rst

(limited to 'docs')

diff --git a/docs/interfaces/advanced-index.rst b/docs/interfaces/advanced-index.rst
index e34cf2b0..c666f7ae 100644
--- a/docs/interfaces/advanced-index.rst
+++ b/docs/interfaces/advanced-index.rst
@@ -12,6 +12,7 @@ Advanced Network Interfaces
    dummy
    geneve
    l2tpv3
+   macsec
    pseudo-ethernet
    qinq
    tunnel
diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst
new file mode 100644
index 00000000..578a1633
--- /dev/null
+++ b/docs/interfaces/macsec.rst
@@ -0,0 +1,23 @@
+.. _macsec-interface:
+
+######
+MACsec
+######
+
+MACsec is an IEEE standard (IEEE 802.1AE) for MAC security, introduced in 2006.
+It defines a way to establish a protocol independent connection between two
+hosts with data confidentiality, authenticity and/or integrity, using
+GCM-AES-128. MACsec operates on the Ethernet layer and as such is a layer 2
+protocol, which means it's designed to secure traffic within a layer 2 network,
+including DHCP or ARP requests. It does not compete with other security
+solutions such as IPsec (layer 3) or TLS (layer 4), as all those solutions are
+used for their own specific use cases.
+
+
+Configuration
+#############
+
+Operation
+=========
+
+
-- 
cgit v1.2.3