While the fingerprint of the cert can be used as a globally unique
identifier, this approach has advantages and disadvantages.
Pro: There is no cost to generating the cert, the cert can be
generated after the device ships
Con: There is no cost to generating the cert, the cert can be
generated after the device ships. Thus there is no degree of
accountability established in the presentation of a cert. If a user
abuses the network (e.g. to send spam) there is no bar to prevent them
ditching the banned cert and re-applying for another.
Con: Existing management infrastructure is designed around the
communication of MAC addresses. Most computer system retailers
servicing the enterprise space already communicate the MAC address of
equipment to customers as part of the shipping process. Infrastructure
to support additional identifiers would have to be built out
separately and to avoid birthday paradox collisions, randomly unique
identifiers need to be twice as long as assigned ones making use of
simple barcodes impossible.
The IETF requirements can be met with cert fingerprints, the general
case requirement for accountability cannot without some party
providing rate limiting somewhere in the system.
On Mon, Jul 12, 2010 at 11:12 PM, Donald Eastlake <d3e3e3(_at_)gmail(_dot_)com>
wrote:
See belos ...
On Mon, Jul 12, 2010 at 12:07 PM, Phillip Hallam-Baker
<hallam(_at_)gmail(_dot_)com>
wrote:
No, if you read my book you would see the scheme I am proposing.
The problem with current MAC addresses is that they are not
trustworthy. That is accepted. If MAC addresses were not trivially
forged then the existing WiFi scheme would work fine.
...
Instead every device would have been issued with a device cert to bind
the MAC address to a public key during manufacture. This is already a
requirement for cable modems. The cost is of the order of cents per
device if the certs are installed during manufacture. Maintenance
costs get much higher as soon as the device has left the factory.
I don't see any need for the MAC address to be bound. If the device
has a build in cert, you can use that, regardless of what the MAC
address is, to authenticate and secure communications.
Isn't this provided by 802.1AR-2009? ( Available from
http://standards.ieee.org/getieee802/802.1.html )
The function of the certificate is to stop the MAC address being
trivially forged. OK yes, if you design the protocols wrong then you
can end up with Cisco being able to intercept on the wire traffic. But
if you do the job right you can prevent interception even if the
manufacturer defects.
...
--
Website: http://hallambaker.com/
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf