[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Multicast Key Management (was Re: Anycast)
"Carl F. Muckenhirn" <cfm@columbia.sparta.com> writes:
> Multicast key management isn't hard, just complex.
I dispute that.
We've had the topic come up on several occasions of the problem of
what it means for a group to share a multicast key. In general, any
secret known by more than two people isn't much of a secret any
more. If we find ourselves wanting to authenticate wide scale routing
advertisements and such, this issue becomes critical. Conventional
methods end up providing no security -- just latency.
Anyone remember the amusing discussion at the D.C. IETF where someone
proposed a multicast key management system to deal with television
broadcasts, and folks kept coming up to say "sorry, but how will you
keep anything known by a million people a secret? how does your
"authentication" authenticate anything worth mentioning?"
Multicast key management is only "not hard" in the context of a very
small group of multicast participants all of whom intensely want to
keep the conversation secret and who trust each other not to forge
messages. It might be "obvious" how to do this if you have eight guys
who need to keep a top secret teleconference secure. If you want to
authenticate a message going to 8,000 hosts, on the other hand, the
problem is not nearly so simple.
In the wide scale problem, the only likely solution is the use of
public key for authentication, and at best, encryption is going to buy
you some time keeping away the ankle biters without giving you real
privacy.
Perry
Follow-Ups:
References:
- Anycast
- From: "John Irish" <irishjd@erols.com>
- Re: Anycast
- From: "Carl F. Muckenhirn" <cfm@columbia.sparta.com>