While the fingerprint of the cert can be used as a globally unique identifier, this approach has advantages and disadvantages. Pro: There is no cost to generating the cert, the cert can be generated after the device ships Con: There is no cost to generating the cert, the cert can be generated after the device ships. Thus there is no degree of accountability established in the presentation of a cert. If a user abuses the network (e.g. to send spam) there is no bar to prevent them ditching the banned cert and re-applying for another. Con: Existing management infrastructure is designed around the communication of MAC addresses. Most computer system retailers servicing the enterprise space already communicate the MAC address of equipment to customers as part of the shipping process. Infrastructure to support additional identifiers would have to be built out separately and to avoid birthday paradox collisions, randomly unique identifiers need to be twice as long as assigned ones making use of simple barcodes impossible. The IETF requirements can be met with cert fingerprints, the general case requirement for accountability cannot without some party providing rate limiting somewhere in the system. On Mon, Jul 12, 2010 at 11:12 PM, Donald Eastlake <d3e3e3@xxxxxxxxx> wrote: > See belos ... > >> On Mon, Jul 12, 2010 at 12:07 PM, Phillip Hallam-Baker <hallam@xxxxxxxxx> >> wrote: >>> >>> No, if you read my book you would see the scheme I am proposing. >>> >>> The problem with current MAC addresses is that they are not >>> trustworthy. That is accepted. If MAC addresses were not trivially >>> forged then the existing WiFi scheme would work fine. >>> >>> ... >>> >>> Instead every device would have been issued with a device cert to bind >>> the MAC address to a public key during manufacture. This is already a >>> requirement for cable modems. The cost is of the order of cents per >>> device if the certs are installed during manufacture. Maintenance >>> costs get much higher as soon as the device has left the factory. > > I don't see any need for the MAC address to be bound. If the device > has a build in cert, you can use that, regardless of what the MAC > address is, to authenticate and secure communications. > > Isn't this provided by 802.1AR-2009? ( Available from > http://standards.ieee.org/getieee802/802.1.html ) > >>> The function of the certificate is to stop the MAC address being >>> trivially forged. OK yes, if you design the protocols wrong then you >>> can end up with Cisco being able to intercept on the wire traffic. But >>> if you do the job right you can prevent interception even if the >>> manufacturer defects. >>> >>> ... >>> > -- Website: http://hallambaker.com/ _______________________________________________ Ietf mailing list Ietf@xxxxxxxx https://www.ietf.org/mailman/listinfo/ietf