On 1/16/06, <b class="gmail_sendername">Priyanka Sinha</b> <<a href="mailto:mottee@gmail.com">mottee@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>Hi</div>
<div>hmm .. was reading the UIP document, and was wondering
whether self certifying identities may well be replaced by normal
MAC ids .. or perhaps in the light of security some kind of
trusted MAC ids..</div>
<div>am kinda new at thinking about this stuff.. so would appreciate any comments on this </div>
<div>:)</div>
</blockquote></div><br>
<br>
In large part, the answer depends on what you mean by MAC ID. If you are talking
about the internet at large, you are talking about Ethernet MAC
addresses, no? These addresses are 100% configurable for most Ethernet cards, and thus 100%
spoofable. So they'd only be useful if you assume that no malicious
nodes will participate in the network (which is, I think you'd agree, a
naive assumption)[*1], and only if you don't want to tie any useful
information to the ID (such as trust or reputation metrics).<br>
<br>
Of course if you are talking about wireless LANs, it's a different
ballgame. The 802.11 family utilizes the MAC layer precisely to do
things like authentication. But even here, the schemes are likely less
useful than self-certifying identities. For example, most schemes rely
on a shared secret for authentication (WEP keys), and shared secrets
certainly don't scale to the scope of most p2p applications.<br>
<br>
Alen<br>
<br>
<br>
[*1] - the nodes don't even need to be malicious -- when I was in
college, the IT department bought some cheap consumer-grade NICs in
bulk to distribute to on-campus housing. It turns out that the
manufacturer, for whatever reason, shipped hundreds of these NICs with
the same MAC address, wreaking general havoc on the initial network
deployment.<br>
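<br>
<br>
Added example (not part of the original message, and not code from the UIP project): a sketch of the contrast discussed in this thread, where a MAC address is accepted as a bare claim while a self-certifying ID, taken here to be the hash of the node's public key, must be backed by a signature over a fresh challenge. It assumes a Lamport one-time signature built on SHA-256 so that it runs with the standard library only; all function names and the sample MAC are constructed for illustration.<br>

```python
import hashlib
import hmac
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport ONE-TIME key (assumption for this sketch): 256 secret pairs,
    # public key = their hashes. Use a real scheme (e.g. Ed25519) in practice.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg: bytes):
    # Reveal one secret of each pair, selected by the message-hash bits.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def node_id(pk: bytes) -> str:
    # Self-certifying ID: the identifier IS the hash of the public key.
    return H(pk).hex()

def accept_by_mac(claimed_mac: str, known_mac: str) -> bool:
    # A MAC is only a claim: anyone who sets the same string passes.
    return claimed_mac.lower() == known_mac.lower()

def verify_peer(claimed_id: str, pk: bytes, challenge: bytes, sig) -> bool:
    # Step 1: the presented key must hash to the claimed ID.
    if (len(pk) != 64 * 256 or len(sig) != 256
            or not hmac.compare_digest(node_id(pk), claimed_id)):
        return False
    # Step 2: the peer must have signed the verifier's fresh challenge.
    for i, b in enumerate(bits(challenge)):
        slot = pk[64 * i + 32 * b: 64 * i + 32 * b + 32]
        if not hmac.compare_digest(H(sig[i]), slot):
            return False
    return True

if __name__ == "__main__":
    sk, pk = keygen()
    mallory_sk, mallory_pk = keygen()
    nonce = os.urandom(32)  # fresh challenge chosen by the verifier
    print("cloned MAC accepted:", accept_by_mac("02:00:00:00:00:01", "02:00:00:00:00:01"))
    print("owner:", verify_peer(node_id(pk), pk, nonce, sign(sk, nonce)))
    print("copied ID, own key:", verify_peer(node_id(pk), mallory_pk, nonce, sign(mallory_sk, nonce)))
    print("copied ID and key:", verify_peer(node_id(pk), pk, nonce, sign(mallory_sk, nonce)))
```

Because the Lamport key is one-time, each node in this sketch can answer only a single challenge safely; the point is the two checks in `verify_peer`, not the signature scheme.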