I believe that 802.11AR still allows for the device ID to be a MAC address, at least the last version I read did, although they have gone from that being the ID to the ID being one that could be a MAC address. I think the issue is the same one you have been calling out: if I have a device, where should the device identity go. And to that end, if that identity is a MAC address, what are the security concerns.

Ryan
________________________________
From: Joseph Salowey (jsalowey) [mailto:[EMAIL PROTECTED]
Sent: Wed 2/21/2007 9:56 AM
To: Bernard Aboba; Ryan Hurst; [email protected]
Subject: RE: [Emu] RE: draft-simon-emu-rfc2716bis-07.txt

> -----Original Message-----
> From: Bernard Aboba [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 21, 2007 9:52 AM
> To: Joseph Salowey (jsalowey); [EMAIL PROTECTED]; [email protected]
> Subject: RE: [Emu] RE: draft-simon-emu-rfc2716bis-07.txt
>
> > [rmh] As for the value, EAP is not 802.11 only therefore a device id
> > should not be a MAC, also a MAC has locally administered and globally
> > administered versions, you would probably want to restrict the use to
> > the globally issued ones, then there are the privacy issues since the
> > MAC is used as a source address an attacker can presume if an EAP
> > authentication is successful the MAC used in the source address was
> > authenticated. I think there are other issues related to it being a MAC
> > address that should be thought through before it is added; especially
> > if it's not even common practice today which it doesn't appear to be.
> >
> > [Joe] I think we are in agreement here.
>
> Use of the MAC address as an EAP-TLS identity is not yet common practice.
> Yet both IEEE 802.1AR and WiMAX documents talk about use of
> MAC addresses in certificates (using different formats), so
> it could be used more widely in the future.
>

[Joe] IEEE802.1AR is going down a different path than using MAC address in certificates. I don't know about WiMAX.

> I agree that using a locally administered MAC address as an
> identity in EAP-TLS does not make sense.
>
> Do we have proposed text to deal with this issue?

[Joe] What is the issue?
_______________________________________________
Emu mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/emu
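
The distinction between locally and globally administered MAC addresses raised in the thread comes down to two bits in the first octet of the address. The following Python check is an added example, not part of the original messages; the function names and the sample addresses are constructed for illustration.

```python
import re

# First octet flag bits of a 48-bit MAC address:
IG_BIT = 0x01  # 1 = group (multicast/broadcast), 0 = individual (unicast)
UL_BIT = 0x02  # 1 = locally administered, 0 = universally (globally) administered

_HEX12 = re.compile(r"^[0-9a-fA-F]{12}$")


def parse_mac(text):
    """Parse aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff or bare hex."""
    compact = re.sub(r"[:\-.]", "", text.strip())
    if not _HEX12.match(compact):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return bytes.fromhex(compact)


def classify_mac(text):
    """Return the canonical form and the two administrative flags."""
    mac = parse_mac(text)
    return {
        "canonical": ":".join(f"{b:02x}" for b in mac),
        "group": bool(mac[0] & IG_BIT),
        "locally_administered": bool(mac[0] & UL_BIT),
    }


def acceptable_as_device_id(text):
    """Return (ok, reason); only universally administered unicast addresses pass."""
    try:
        info = classify_mac(text)
    except ValueError as exc:
        return False, str(exc)
    if info["group"]:
        return False, "group (multicast/broadcast) address"
    if info["locally_administered"]:
        return False, "locally administered address"
    return True, "universally administered unicast address"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from any real device.
    samples = ["00:1A:2B:3C:4D:5E", "02:00:00:aa:bb:cc", "01-00-5e-00-00-fb",
               "ff:ff:ff:ff:ff:ff", "001a.2b3c.4d5e", "not-a-mac"]
    for s in samples:
        print(f"{s:20} -> {acceptable_as_device_id(s)}")
```

The check only filters on how an address claims to have been assigned; it does not show that the address belongs to the device presenting it.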
