[rmh] As for the value, EAP is not 802.11 only, therefore a device ID should not be a MAC. Also, a MAC has locally administered and globally administered versions; you would probably want to restrict the use to the globally issued ones. Then there are the privacy issues: since the MAC is used as a source address, an attacker can presume, if an EAP authentication is successful, that the MAC used in the source address was authenticated. I think there are other issues related to it being a MAC address that should be thought through before it is added, especially if it's not even common practice today, which it doesn't appear to be.

[Joe] I think we are in agreement here.
Use of the MAC address as an EAP-TLS identity is not yet common practice. Yet both IEEE 802.1AR and WiMAX documents talk about use of MAC addresses in certificates (using different formats), so it could be used more widely in the future.
I agree that using a locally administered MAC address as an identity in EAP-TLS does not make sense.
Do we have proposed text to deal with this issue?
