From ac5eec5e6b581df753c3728f13780918f0d1f517 Mon Sep 17 00:00:00 2001
From: "ishwar.naik" <ishwar.naik@arista.com>
Date: Tue, 24 Mar 2026 17:22:36 +0000
Subject: [PATCH 1/4] Updating description of openconfig/macsec leaf
 sak-rekey-on-live-peer-loss

---
 release/models/macsec/openconfig-macsec.yang | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/release/models/macsec/openconfig-macsec.yang b/release/models/macsec/openconfig-macsec.yang
index 53f0eac9bd..6bcb09727f 100644
--- a/release/models/macsec/openconfig-macsec.yang
+++ b/release/models/macsec/openconfig-macsec.yang
@@ -654,7 +654,11 @@ revision "2023-06-08" {
       type boolean;
       default "false";
       description
-        "Rekey on peer loss";
+        "When set to true, the loss of a peer triggers sak rekey only if the MKA
+         session still has other live peers. If no live peers remain, the rekey
+         behaviour is determined by the configured traffic policy. Depending on
+         the policy, the implementation may continue using the currently active
+         SAK to allow ongoing traffic or remove the SAK.";
     }
 
     leaf use-updated-eth-header {

From 70386aa5d5c53f7be44a430305a1a220e60beb87 Mon Sep 17 00:00:00 2001
From: "ishwar.naik" <ishwar.naik@arista.com>
Date: Tue, 24 Mar 2026 17:51:06 +0000
Subject: [PATCH 2/4] Updating revision

---
 release/models/macsec/openconfig-macsec.yang | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/release/models/macsec/openconfig-macsec.yang b/release/models/macsec/openconfig-macsec.yang
index 6bcb09727f..09da7bac12 100644
--- a/release/models/macsec/openconfig-macsec.yang
+++ b/release/models/macsec/openconfig-macsec.yang
@@ -23,6 +23,12 @@ module openconfig-macsec {
   oc-ext:catalog-organization "openconfig";
   oc-ext:origin "openconfig";
 
+  revision "2026-03-24" {
+    description
+      "Updating description of openconfig/macsec leaf sak-rekey-on-live-peer-loss.";
+    reference "1.2.1";
+  }
+
   revision "2025-01-02" {
     description
       "Add include-sci to allow enable/disable of secure channel
@@ -36,7 +42,7 @@ module openconfig-macsec {
     reference "1.1.1";
   }
 
-revision "2023-06-08" {
+  revision "2023-06-08" {
     description
       "Support rx-late-pkts leaf.";
     reference "1.1.0";

From 0aef5d5fab37d72a850062d9ebd265177f0547f8 Mon Sep 17 00:00:00 2001
From: "ishwar.naik" <ishwar.naik@arista.com>
Date: Wed, 25 Mar 2026 08:36:25 +0000
Subject: [PATCH 3/4] Fixed version

---
 release/models/macsec/openconfig-macsec.yang | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/release/models/macsec/openconfig-macsec.yang b/release/models/macsec/openconfig-macsec.yang
index 09da7bac12..8e906921ac 100644
--- a/release/models/macsec/openconfig-macsec.yang
+++ b/release/models/macsec/openconfig-macsec.yang
@@ -18,7 +18,7 @@ module openconfig-macsec {
     "This module defines configuration and state data for
      MACsec IEEE Std 802.1AE-2018.";
 
-  oc-ext:openconfig-version "1.2.0";
+  oc-ext:openconfig-version "1.2.1";
   oc-ext:regexp-posix;
   oc-ext:catalog-organization "openconfig";
   oc-ext:origin "openconfig";
@@ -662,7 +662,7 @@ module openconfig-macsec {
       description
         "When set to true, the loss of a peer triggers sak rekey only if the MKA
          session still has other live peers. If no live peers remain, the rekey
-         behaviour is determined by the configured traffic policy. Depending on
+         behavior is determined by the configured traffic policy. Depending on
          the policy, the implementation may continue using the currently active
          SAK to allow ongoing traffic or remove the SAK.";
     }

From b389dcf79e90b1584fd1e68c37f5e55c1d438e64 Mon Sep 17 00:00:00 2001
From: "ishwar.naik" <ishwar.naik@arista.com>
Date: Thu, 26 Mar 2026 20:03:43 +0000
Subject: [PATCH 4/4] updating description

---
 release/models/macsec/openconfig-macsec.yang | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/release/models/macsec/openconfig-macsec.yang b/release/models/macsec/openconfig-macsec.yang
index 8e906921ac..e1cecc759b 100644
--- a/release/models/macsec/openconfig-macsec.yang
+++ b/release/models/macsec/openconfig-macsec.yang
@@ -660,11 +660,14 @@ module openconfig-macsec {
       type boolean;
       default "false";
       description
-        "When set to true, the loss of a peer triggers sak rekey only if the MKA
-         session still has other live peers. If no live peers remain, the rekey
-         behavior is determined by the configured traffic policy. Depending on
-         the policy, the implementation may continue using the currently active
-         SAK to allow ongoing traffic or remove the SAK.";
+		  "When set to true, the loss of a peer triggers a SAK rekey only if the
+			MKA session still has other live peers. If the peer loss results in no
+			live peers remaining in the MKA session, an automatic rekey is not
+			triggered. Instead, the security-policy leaf configuration determines
+			the subsequent behavior. Based on the security-policy leaf configuration,
+			the system may retain the currently active SAK to allow encrypted traffic
+			exchange, or it may immediately remove the SAK to halt or allow unencrypted
+			transmission.";
     }
 
     leaf use-updated-eth-header {