Issue 219: Encoding of MAC Address in X.509 certificate needs to be clear - CAPWAP issue tracker

Title	Encoding of MAC Address in X.509 certificate needs to be clear
Priority	bug	Status	chatting
Superseder		Nosy List	pcalhoun
Assigned To	pcalhoun	Topics

Created on 2008-10-09.21:25:02 by pcalhoun, last changed 2008-10-09.21:25:09 by pcalhoun.

Messages
msg611 (view)	Author: pcalhoun	Date: 2008-10-09.21:25:09
> Fair enough, and I see that we were not very specific in this regard. > I believe the text should read: > > <proposed text> > CAPWAP implementations MUST support certificates where the common > name (CN) for both the WTP and AC is the MAC address of that > device. > The MAC address MUST be encoded in the PrintableString format, > using > the well recognized MAC address format of 01:23:45:67:89:ab. The > CN field MAY contain either of the EUI-48 [EUI-48] or EUI-64 > [EUI-64] > MAC Address formats. This seemingly unconventional use of the CN > field is consistent with other standards that rely on device > certificates that are provisioned during the manufacturing process, > such as Packet Cable [PacketCable], Cable Labs [CableLabs] and > WiMAX > [WiMAX]. > </proposed text>
msg610 (view)	Author: pcalhoun	Date: 2008-10-09.21:25:02
>> Beyond the core of Chris' discuss, there are some interoperability > concerns that should be addressed. The common name >> attribute is a directoryString, which can be encoded using any of > several different string types. As described, the >> MAC address can always be encoded using a PrintableString. While I > would suggest verifying this against the installed >> base, the specification should indicate which string type is used >> with > the common name attribute to represent the MAC >> address.

History
Date	User	Action	Args
2008-10-09 21:25:09	pcalhoun	set	status: unread -> chatting messages: + msg611
2008-10-09 21:25:02	pcalhoun	create