Re: Multicast with VPN

To: ietf at ietf.org
Subject: Re: Multicast with VPN
From: Thomas Hardjono <thardjono at yahoo.com>
Date: Wed, 4 Apr 2001 12:36:20 -0700 (PDT)
Cc: dietf at yahoo.com

Hi,

Yes, IPsec allows for a Class D address (multicast)
with no change.  As far as a multicast receiver is
concerned, the packet will be an IPsec packet that
will be treated in the usual IPsec manner.
The IPsec indexing triplet <SPI, DestAddr, ProtocolType>
remains the same.

The problem is that IKE is a pairwise key/SA establishment
protocol, which cannot be used as is within a group/multicast
context.

The MSEC WG is working precisely on this topic.
Their drafts can be found on www SecureMulticast.org.

cheers,

thomas
------


At 4/4/01||12:58 AM, you wrote:
hi,
Does any one have any idea if we can use IPSec with
multicast address. In RFC-2401 I have read 
"In principle, the Destination Address may be a
unicast address, an IP broadcast address, or a
multicast group address.  However, IPsec SA management
mechanisms currently are defined only for unicast
SAs." 
they have explained how to use multicast address in
IPSec SA, in principle.
but this RFC was published in 1998. nothing changed
till now?
thanks


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/ 


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

Prev by Date: Re: Fwd: Indianz.com NEWS BRIEFS: APRIL 1, 2001
Next by Date: Re: IESG Response to Copyright appeal
Previous by thread: Re: Multicast with VPN
Next by thread: Decoration Board(wood)
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Multicast with VPN

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.