Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X)

[PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Hans Schultz <hidden> · 2022-02-09
[PATCH net-next v2 2/5] net: bridge: Add support for offloading of locked port flag · Hans Schultz <hidden> · 2022-02-09
Re: [PATCH net-next v2 2/5] net: bridge: Add support for offloading of locked port flag · Nikolay Aleksandrov <razor@blackwall.org> · 2022-02-10
[PATCH net-next v2 1/5] net: bridge: Add support for bridge port in locked mode · Hans Schultz <hidden> · 2022-02-09
Re: [PATCH net-next v2 1/5] net: bridge: Add support for bridge port in locked mode · Nikolay Aleksandrov <razor@blackwall.org> · 2022-02-10
Re: [PATCH net-next v2 1/5] net: bridge: Add support for bridge port in locked mode · Ido Schimmel <hidden> · 2022-02-10
[PATCH net-next v2 3/5] net: dsa: Add support for offloaded locked port flag · Hans Schultz <hidden> · 2022-02-09
Re: [PATCH net-next v2 3/5] net: dsa: Add support for offloaded locked port flag · Vladimir Oltean <olteanv@gmail.com> · 2022-02-10
[PATCH net-next v2 4/5] net: dsa: mv88e6xxx: Add support for bridge port locked mode · Hans Schultz <hidden> · 2022-02-09
[PATCH net-next v2 5/5] net: bridge: Refactor bridge port in locked mode to use jump labels · Hans Schultz <hidden> · 2022-02-09
Re: [PATCH net-next v2 5/5] net: bridge: Refactor bridge port in locked mode to use jump labels · Nikolay Aleksandrov <razor@blackwall.org> · 2022-02-10
Re: [PATCH net-next v2 5/5] net: bridge: Refactor bridge port in locked mode to use jump labels · Hans Schultz <hidden> · 2022-02-10
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Ido Schimmel <hidden> · 2022-02-09
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Hans Schultz <hidden> · 2022-02-10
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Ido Schimmel <hidden> · 2022-02-10
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Florian Fainelli <f.fainelli@gmail.com> · 2022-02-11
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Vladimir Oltean <olteanv@gmail.com> · 2022-02-11
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Tobias Waldekranz <tobias@waldekranz.com> · 2022-02-13
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Jakub Kicinski <kuba@kernel.org> · 2022-02-11
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Hans Schultz <hidden> · 2022-02-14
Re: [PATCH net-next v2 0/5] Add support for locked bridge ports (for 802.1X) · Jakub Kicinski <kuba@kernel.org> · 2022-02-14

From: Jakub Kicinski <kuba@kernel.org>
Date: 2022-02-14 16:17:00

On Mon, 14 Feb 2022 09:58:12 +0100 Hans Schultz wrote:

On fre, feb 11, 2022 at 14:59, Jakub Kicinski [off-list ref] wrote:

quoted

On Wed,  9 Feb 2022 14:05:32 +0100 Hans Schultz wrote:

quoted

The most common approach is to use the IEEE 802.1X protocol to take
care of the authorization of allowed users to gain access by opening
for the source address of the authorized host.

noob question - this is 802.1x without crypto? I'm trying to understand
the system you're describing.

No, user space will take care of authentication, f.ex. hostapd, so in a
typical setup the supplicant and the authentication daemon will take
care of all crypto related stuff in their communication.
So the authentication daemon will open the port for the authenticated
supplicant.

To be clear - I'm talking about wire crypto after all the communication
with the control plane and after the connection the port is opened. Not
crypto in whatever authentication method gets used. Does the device get
the keys somehow from user space?

See the cover letter.

Which part of it?

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help