Phillip Hallam-Baker wrote:
>
> The simplest, cleanest solution to this problem is to either have a
> device cert installed during manufacture or to employ my alternative
> scheme designed for low performance devices that does not require them
> to perform public key cryptography on the end point device (patent
> pending, all rights reserved).

Personally, I'm heavily opposed to an approach along these lines.

It is a big plus that MAC addresses can be trivially changed, and I regularly connect with random MACs in public places.

Several years ago, Intel came out with a unique identifier in their Pentium CPU. The market did not take it very well, at least here in Europe. I remember BIOS options to enable/disable the unique CPU ID, and it was disabled on all the machines I have been using (and AFAIK, it was disabled on all PCs distributed by my company's IT department).

Talking about it, I do not remember having seen such a BIOS option for many years -- may I assume that the unique identifier was removed from Intel CPUs entirely?

Personally, I'm somewhat less concerned about a unique or fixed ID in my DSL-router. I have only one DSL subscription with one single ISP, and I need to authenticate to my ISP with userid&pass -- which makes me wonder why there should be a unique/fixed ID in that device; it is absolutely unnecessary.

-Martin