Intel got a bloody nose on that one because they were incompetent and lied.

A few weeks before the launch an Intel person told me about the serial number scheme as a means of tracking down CPUs stolen during distribution. Then at the launch we were told how the serial number was going to enable a new generation of DRM systems (which it did not). When asked, the PR flacks denied the purpose was preventing theft.

Afterward I was told that the history was that some VP was going to give a keynote and decided they needed something to announce and so marketing repackaged the anti-theft scheme.

It was a pointless argument as every PC has at least ten unique machine-readable identifiers.

From the point of view of enabling DRM schemes, any identifier is acceptable, even if it is fairly soft and easily changed. So the objections do not prevent the outcome they wish to prevent while preventing outcomes that might be beneficial.

Any security scheme that is worth having is going to change the accessibility of information. That is intrinsic to the function.

On Mon, Jul 12, 2010 at 2:39 PM, Martin Rex <mrex@xxxxxxx> wrote:
> Phillip Hallam-Baker wrote:
>>
>> The simplest, cleanest solution to this problem is to either have a
>> device cert installed during manufacture or to employ my alternative
>> scheme designed for low performance devices that does not require them
>> to perform public key cryptography on the end point device (patent
>> pending, all rights reserved).
>
> Personally, I'm heavily opposed to an approach along these lines.
> It is a big plus that MAC addresses can be trivially changed,
> and I regularly connect with random MACs in public places.
>
> Several years ago, Intel came out with a unique identifier in their
> Pentium CPU. The market did not take it very well, at least here
> in Europe. I remember BIOS options to enable/disable the unique
> CPU ID, and it was disabled on all the machines I have been using
> (and AFAIK, it was disabled on all PCs distributed by my company's
> IT department). Talking about it, I do not remember having seen such
> a BIOS option for many years -- may I assume that the unique identifier
> was removed from Intel CPUs entirely?
>
>
> Personally, I'm somewhat less concerned about a unique or fixed ID in
> my DSL-router. I have only one DSL subscription with one single ISP,
> and I need to authenticate to my ISP with userid&pass -- which makes
> me wonder why should there be a unique/fixed ID in that device,
> it is absolutely unnecessary.
>
>
> -Martin
>

--
Website: http://hallambaker.com/