
Re: IPv6: Past mistakes repeated?

2000-04-24 19:20:02
Not every machine on the Internet has an Ethernet card with a MAC address,
otherwise it might not be such a bad idea.  I think using the MAC address is
an excellent idea for software protection schemes (it's a lot more elegant
than a hardware key such as a dongle), but nobody seems interested in that.

Nobody is interested in it because it doesn't work.

The Ethernet spec requires that each card have a unique MAC address
that's burnt onto the card.  However, due to some truly weird stuff
done by DecNet "way back when", cards were *also* required to support
loading a new MAC address on the fly.

So to pirate a software package that locks based on the MAC address, all
you have to do is pirate it off any compatible machine on any subnet
other than your own.  You can even pirate it off your own subnet
if you don't care about ARP working. ;)


Both of those positions seem odd.  The first because not all boxes have
unique MAC addresses, and not merely because of the "locally administrated"
nonsense or even because not all boxes have Ethernet interfaces, although
the second of those is a good reason.  Another good reason is that all of
the major and reputable Ethernet vendors I've heard of have accidentally
shipped significant numbers of Ethernet interfaces with duplicate MAC
addresses.  In theory it's trivial to assign unique MAC addresses, but in
practice it is very hard to do it right all of the time.

Note also that many outfits have been using MAC addresses and other
tactics other than dongles to do node locking for at least 15 years.
I've heard rumors that Windows 2000 will join that creaky old bandwagon,
I assume by using what Microsoft calls a GUID for the obvious.

The stuff about breaking software "node locking" is just as odd.
Never mind that all the systems I've worked on did the right thing
even while using a locally assigned MAC address when an application
asked for the permanent, official address.  The statement about pirates
assumes that they will abide by the hope in the locked software
that when it asks the operating system and libraries for a MAC address,
it gets any of the host's MAC addresses instead of some other 6 byte
string that is more convenient for the pirate.  In other words, why
would you bother the network machinery instead of, for example,
improving the dynamic library that contains the system call wrappers?

    ...

About local addresses, neighbors passing each other's traffic, unlikely
commercial cooperation, and so forth--does no one remember UUCP,
perhaps before the Mapping Project tried (and failed) to make hostnames
globally unique?

  ...

I'm flummoxed by the reawakening of the years IPng argument.  All of
the positions stated seem very familiar, both those that I think
are better ideas than IPv6 and those that I still think are crazy.
Does anyone really hope that anything decided, discussed or considered
now will have any positive effect?  What can you expect to do by
re-opening the can--no--train load of worms except delay IPv6 by
another 10 years to recapitulate the entire sorry history, including
highlights such as the decision of the IAB to throw away TCP/IP and
switch to the OSI protocol suite?  If you did restart history, how
would you hope to avoid yet another restart in about 2010?

Aren't the years of IPng flaming in the main IETF list captured
somewhere so that those of us who were not overjoyed by the first
edition can rest in peace?


Vernon Schryver    vjs(_at_)rhyolite(_dot_)com
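
The message above gives two reasons a MAC address is not a reliable unique host identifier: vendors have shipped duplicates, and addresses can be locally administered. The following is an added example, not part of the original message, that audits a host inventory for both conditions; the host names and addresses are constructed sample data.

```python
from collections import defaultdict

def parse_mac(text):
    """Return the 6 address bytes of a colon-, dash- or dot-separated MAC."""
    digits = text.replace(":", "").replace("-", "").replace(".", "")
    mac = bytes.fromhex(digits)  # raises ValueError on non-hex input
    if len(digits) != 12 or len(mac) != 6:
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    return mac

def is_locally_administered(mac):
    # Bit 0x02 of the first octet is the universal/local (U/L) bit.
    return bool(mac[0] & 0x02)

def is_group(mac):
    # Bit 0x01 of the first octet marks a multicast or broadcast address.
    return bool(mac[0] & 0x01)

def audit(inventory):
    """inventory: iterable of (host, mac_text) pairs. Returns the findings."""
    seen = defaultdict(list)
    findings = {"duplicate": {}, "local": [], "group": [], "invalid": []}
    for host, text in inventory:
        try:
            mac = parse_mac(text)
        except ValueError:
            findings["invalid"].append(host)
            continue
        seen[mac].append(host)
        if is_group(mac):
            findings["group"].append(host)
        elif is_locally_administered(mac):
            findings["local"].append(host)
    for mac, hosts in seen.items():
        if len(hosts) > 1:  # same address reported by more than one host
            findings["duplicate"][mac.hex(":")] = hosts
    return findings

# Constructed sample inventory (hypothetical hosts, documentation-range MACs).
SAMPLE_INVENTORY = [
    ("lic-srv-1", "00:00:5E:00:53:10"),
    ("lic-srv-2", "00-00-5e-00-53-10"),   # duplicate of lic-srv-1
    ("vm-17",     "02:00:00:ab:cd:ef"),   # U/L bit set: locally administered
    ("kiosk",     "n/a"),                 # no usable address recorded
    ("ws-4",      "00:00:5E:00:53:22"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```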


