> -----Original Message----- > From: Bernard Aboba [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 21, 2007 9:52 AM > To: Joseph Salowey (jsalowey); [EMAIL PROTECTED]; [email protected] > Subject: RE: [Emu] RE: draft-simon-emu-rfc2716bis-07.txt > > > [rmh] As for the value, EAP is not 802.11 only > therefore a device id > >should not be a MAC, also a MAC has locally administered and > globally > >adminstered versions, you would probably want to restrict the use to > >the globally issued ones, then there are the privacy issues > since the > >MAC is used as a source address a attacker can presume if a EAP > >authentication is successful the MAC used in the source address was > >authenticated. I think there are other issues related to it > being a MAC > >address that should be thought through before it is added; > especially > >if its not even common practice today which it doesnt apear to be. > > > > [Joe] I think we are in agreement here. > > Use of the MAC address as an EAP-TLS identity is not yet > common practice. > Yet both IEEE 802.1AR and WiMAX documents talk about use of > MAC addresses in certificates (using different formats), so > it could be used more widely in the future. > [Joe] IEEE802.1AR is going down a different path then using MAC address in certificates. I don't know about WiMAX.
> I agree that using a locally administered MAC address as an > identity in EAP-TLS does not make sense. > > Do we have proposed text to deal with this issue? [Joe] What is the issue? _______________________________________________ Emu mailing list [email protected] https://www1.ietf.org/mailman/listinfo/emu
