ietf

Re: Admission Control to the IETF 78 and IETF 79 Networks

2010-07-13 10:37:44
Intel got a bloody nose on that one because they were incompetent and lied.

A few weeks before the launch an Intel person told me about the serial
number scheme as a means of tracking down CPUs stolen during
distribution. Then at the launch we were told how the serial number
was going to enable a new generation of DRM systems (which it did
not). When asked, the PR flacks denied the purpose was preventing
theft. Afterward I was told that the history was that some VP was
going to give a keynote and decided they needed something to announce
and so marketing repackaged the anti-theft scheme.

It was a pointless argument as every PC has at least ten unique
machine readable identifiers. From the point of view of enabling DRM
schemes, any identifier is acceptable, even if it is fairly soft and
easily changed. So the objections do not prevent the outcome they wish
to prevent while preventing outcomes that might be beneficial.

Any security scheme that is worth having is going to change the
accessibility of information. That is intrinsic to the function.



On Mon, Jul 12, 2010 at 2:39 PM, Martin Rex <mrex(_at_)sap(_dot_)com> wrote:
Phillip Hallam-Baker wrote:

The simplest, cleanest solution to this problem is to either have a
device cert installed during manufacture or to employ my alternative
scheme designed for low performance devices that does not require them
to perform public key cryptography on the end point device (patent
pending, all rights reserved).

Personally, I'm heavily opposed to an approach along these lines.
It is a big plus that MAC addresses can be trivially changed,
and I regularly connect with random MACs in public places.

Several years ago, Intel came out with a unique identifier in their
Pentium CPU.  The market did not take it very well, at least here
in Europe.  I remember BIOS options to enable/disable the unique
CPU ID, and it was disabled on all the machines I have been using
(and AFAIK, it was disabled on all PCs distributed by my company's
IT department).  Talking about it, I do not remember having seen such
a BIOS option for many years -- may I assume that the unique identifier
was removed from Intel CPUs entirely?


Personally, I'm somewhat less concerned about a unique or fixed ID in
my DSL-router.  I have only one DSL subscription with one single ISP,
and I need to authenticate to my ISP with userid&pass -- which makes
me wonder why should there be a unique/fixed ID in that device,
it is absolutely unnecessary.


-Martin




-- 
Website: http://hallambaker.com/