I started work on some but it will take me a few days to get to finishing it. I suggest we leave it out here and include text in an appendix to cover it.

Ryan
________________________________
From: Bernard Aboba [mailto:[EMAIL PROTECTED]
Sent: Wed 2/21/2007 9:51 AM
To: [EMAIL PROTECTED]; Ryan Hurst; [email protected]
Subject: RE: [Emu] RE: draft-simon-emu-rfc2716bis-07.txt

> [rmh] As for the value, EAP is not 802.11 only therefore a
> device id should not be a MAC, also a MAC has locally administered and
> globally administered versions, you would probably want to restrict the
> use to the globally issued ones, then there are the privacy issues since
> the MAC is used as a source address an attacker can presume if an EAP
> authentication is successful the MAC used in the source address was
> authenticated. I think there are other issues related to it being a MAC
> address that should be thought through before it is added; especially if
> it's not even common practice today which it doesn't appear to be.
>
> [Joe] I think we are in agreement here.

Use of the MAC address as an EAP-TLS identity is not yet common practice. Yet both IEEE 802.1AR and WiMAX documents talk about use of MAC addresses in certificates (using different formats), so it could be used more widely in the future. I agree that using a locally administered MAC address as an identity in EAP-TLS does not make sense. Do we have proposed text to deal with this issue?
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
