Phillip Hallam-Baker wrote:
The simplest, cleanest solution to this problem is to either have a
device cert installed during manufacture or to employ my alternative
scheme designed for low performance devices that does not require them
to perform public key cryptography on the end point device (patent
pending, all rights reserved).
Personally, I'm heavily opposed to an approach along these lines.
It is a big plus that MAC addresses can be trivially changed,
and I regularly connect with random MACs in public places.
Several years ago, Intel came out with a unique identifier in their
Pentium CPU. The market did not take it very well, at least here
in Europe. I remember BIOS options to enable/disable the unique
CPU ID, and it was disabled on all the machines I have been using
(and AFAIK, it was disabled on all PCs distributed by my companies
IT department). Talking about it, I do not remember having seen such
a bios option for many year -- may I assume that the unique identifier
was removed from Intel CPUs entirely?
Personally, I'm somewhat less concerned about a unique or fixed ID in
my DSL-router. I have only one DSL subscription with one single ISP,
and I need to authenticate to my ISP with userid&pass -- which makes
we wonder why should there be a unique/fixed ID in that device,
it is absolutely unnecessary.
-Martin
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf