At 11:59 AM -0800 12/26/07, Bernard Aboba wrote:
> >Merely fixing the CAPWAP protocol spec is only likely to make the>situation worse, not better, because then we'd have two ways of doing >the same thing with more on the way. I agree that making capwap right is problematic, given the extant PKIs that have been created. However there should be no question that use of the CN to encode a MAC address in an X.509 cert is inappropriate. I think the cited text is pretty clear on that point, not to mention the inclusion of two CNs in the cable model cert spec! Who, specifically, do you suggest that we contact at each organization?For IEEE 802.1ar, the contact is the chair of the IEEE 802.1, Tony Jeffree or the Vice-Chair, Paul Congdon (paul_congdon@xxxxxx). For IEEE 802.16, it would be the Chair, Roger Marks. As the IETF liaison to IEEE 802, I can help in email'ing the folks above, assuming that there is a communication to share from PKIX WG.For the WiMAX Forum it would be Russ Housley, who is currently authoring the device and server certificate documents.
Thanks, I'l work with Tim Polk and Russ to follow through. Steve