
Re: [secdir] Please review draft-ietf-capwap-protocol-specification's use of certificates




At 3:19 PM -0800 12/26/07, Joseph Salowey (jsalowey) wrote:
I don't believe that 802.1AR uses the MAC address in the CN field.  I
believe it makes use of the SerialNumber field and does not mandate that
the identity must be a MAC address (it doesn't prevent it either).  The
current text from draft 1.2 on SubjectName is

"The DevID subject field shall uniquely identify the particular DevID
credential within the issuer's domain of significance. The formatting of
this field shall contain a unique X.500 distinguished name (DN). This
may include the manufacturer's serial number, manufacturer's factory
programmed MAC address, issuer's or user's node name or any other
suitable unique string that the issuer prefers.

It is recommended that the subject field's DN encoding include the
'serialNumber' attribute with the device's unique serial number."

The current editor of the document, Max Pritikin, is copied on this
message.
Joe

Joe,

That's very encouraging!  Thanks for the info.

Steve