On May 17, 2021, at 9:09 AM, Michael Richardson <[email protected]> wrote:
> If MAC addresses become regularly randomized, then what is the unique handle
> for each device? While some devices might not randomize their MAC address,
> the fact that some do forces management systems to adapt.
> I think that the answer is in the shape of hash of public (IDevID) key.

The answer in much of the AAA space is "client cert", which is partially the same thing.

For people who want actual MAC addresses, they can leverage the ID in the client cert to look up a server-side table of ID to MAC. Or they can use RFC 6677 channel bindings.

https://datatracker.ietf.org/doc/html/rfc6677

This presumes that the devices are using TLS-based EAP methods in order to authenticate to the network. As time goes on, this seems to be not only more widely true, but also more widely recommended.

Alan DeKok.

_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
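
The two ideas in this exchange, a handle derived from a hash of the device's public key and a server-side table from that ID to a MAC, can be sketched as follows. This is an added example, not part of the original messages; it assumes the ID is the SHA-256 of the certificate's SubjectPublicKeyInfo, uses a self-signed certificate as a stand-in for an IDevID, and all file names, subjects and MAC values are constructed.

```bash
#!/usr/bin/env bash
# Added example: stable device handle = SHA-256 over the DER-encoded public
# key (SubjectPublicKeyInfo) of the client certificate. Assumption: this hash
# is the "ID in the client cert"; the thread does not fix a specific field.

# Print the hex SHA-256 of the public key contained in a PEM certificate.
spki_handle() {
    openssl x509 -in "$1" -noout -pubkey \
      | openssl pkey -pubin -outform DER \
      | openssl dgst -sha256 -r \
      | cut -d' ' -f1
}

# Look up the MAC registered for a handle in a "handle mac" table file.
# Exits non-zero when the handle is unknown.
lookup_mac() {
    awk -v h="$1" '$1 == h { print $2; found = 1 } END { exit !found }' "$2"
}

# Build a constructed device identity: one key, two certificates
# (original and a renewal with a different serial and lifetime).
make_demo() {
    local dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/dev.key" 2>/dev/null
    openssl req -new -x509 -key "$dir/dev.key" -subj "/CN=demo-device-1" \
        -days 30 -out "$dir/cert-a.pem" 2>/dev/null
    openssl req -new -x509 -key "$dir/dev.key" -subj "/CN=demo-device-1" \
        -days 60 -out "$dir/cert-b.pem" 2>/dev/null
    # Server-side table: handle -> burned-in MAC (constructed value).
    printf '%s %s\n' "$(spki_handle "$dir/cert-a.pem")" "02:00:00:00:00:01" \
        > "$dir/handles.txt"
}

# Demo: both certificates map to the same handle, so the table lookup keeps
# working across certificate renewal and regardless of the MAC seen on the wire.
d=$(mktemp -d) && make_demo "$d"
echo "cert-a handle: $(spki_handle "$d/cert-a.pem")"
echo "cert-b handle: $(spki_handle "$d/cert-b.pem")"
echo "registered MAC: $(lookup_mac "$(spki_handle "$d/cert-b.pem")" "$d/handles.txt")"
```

Because the handle depends only on the key, it identifies the device only as strongly as the TLS-based EAP exchange proves possession of the matching private key.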
