I am having difficulty seeing the value in this whole line of argument.

What is the value in binding one random number (the public key) to an
EUI-64?

If we were writing some mechanism that would be acting on the network
level, 802.1x or whatever, I could see some point. But even then, I am
going to need authorization and I can layer my authorization over a 128-bit
truncation of a digest of the public key just as easily as an EUI-64.

Yes, we do have a few applications where we do this sort of thing like in
set-top boxes but that is really about authorization, the point being it
has some certificate saying the device obeys some DMCA content control
tech. And the point is that the cert was issued by a trusted authority, the
MAC address is pretty much ignored.


Another problem that is probably non-obvious unless you have tried to
deploy such schemes like I did for a while is that you will run into really
loud and determined resistance from the French government where there is an
entire section of the foreign office that worries about these things. And they
have a very real point.

The problem is that if you establish a root of authority for credentialing
anything, that becomes a control point which could be used in a trade
dispute.
_______________________________________________
TLS mailing list -- tls@ietf.org