IPSEC & Multipoint



Regarding IPSP and support for multipoint communications:

>Date: 6 Jul 93 13:13:04 -0400
>From: Ran Atkinson  <atkinson@itd.nrl.navy.mil>
>To: ipsec@ans.net,
>
>I have a couple of comments on the agenda...
>
>       ...
>         ...  Also conference control security
>   is a problem for the working group on internet conferencing not for
>   IPSP.  The conference control problem is not necessarily best solved
>   at the IP layer and the IPSP WG should narrow its focus to IP security.

and

>From: Stuart Stubblebine  <stubble@ISI.EDU>
>
>1. I agree with Ran that conference control is not what needs to be
>addressed in the IPSEC WG meeting. Instead the -shortened- item of
>"multicasting" is the requirement/consideration at the network layer for the
>scalability of secure conferencing. For secure conferencing, the security
>services of data confidentiality and data origin authentication should scale
>well for datagrams addressed to large multicast groups. (Furthermore, the
>time to process the datagrams should be minimal.)


I did not put *conference control* on the agenda, only multicast and
conferencing.  I agree that conference control is not in the scope of the IP
Security Protocol (IPSP), but we need to document the IPSP mechanisms that
support multipoint communications.

Not all IP communications are point-to-point.  Broadcast, multicast, or
multipoint communications all require special cryptographic considerations. 
The key used to decrypt multipoint traffic must be available to all
recipients.  This impacts the way that security identifiers need to be
allocated in the IPSP clear header.  Some portion of the identifier space
needs to be reserved for multipoint communications.

Conferencing is just one application of the multipoint mechanism and I will
remove this specific reference from the agenda.  


Paul