On 29 Aug 2015, at 09:36, Alan DeKok <aland@deployingradius.com> wrote:
On Aug 28, 2015, at 11:42 PM, Danner, Mearl <jmdanner@samford.edu> wrote:
FYI. Haven't seen it mentioned here. Will create many headaches for folks using MAC authorization.
https://www.ietf.org/proceedings/93/slides/slides-93-intarea-5.pdf
Apple IOS 8 also.
I've been following that for a while, and was at the meeting in Prague.
For personal security and privacy, it's a good idea. The end device can still be identified via other means, but they're not as good / unique.
MAC auth was always a hack. People should use 802.1X instead.
Mac authentication is for the random crap on the *WIRED* network which either doesn't support 802.1X or has a broken 802.1X supplicant. This will force people to move to better security practices, performing proper machine and user authentication. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2