Forum Topic - encrypting multicast messages: (2 Items)
   
encrypting multicast messages  
Is it possible to encrypt multicast messages with ipsec?

I have tried using:

spdadd 10.4.0.7 231.0.0.1 any -P out ipsec esp/transport//require;
or
spdadd 10.4.0.7 10.4.0.8 any -P out ipsec esp/transport//require;

On the 10.4.0.8 target I have a route from 10.4.0.8 -> 231.0.0.1. When I configure with setkey the messages are transmitted, but they are not encrypted.

It says on the setkey man page that the upperspec parameter doesn't support forwarding. Is creating a route treated as a forward?

Thanks,
--H
Re: encrypting multicast messages  
Hi Hayder:
Going through the forums, I noticed that this question was unanswered. When you think about it, this would mean that all members of the multicast group would have to share the same key / algorithm information. This seems to be addressed in RFC 3740 (which talks about secure multicast groups) where group key management features prominently. Someone may correct me, but I don't believe that this is something that will "just work" out of the box. It's not something that we've looked into but I'm pretty sure that it involves a larger system view rather than just what a single stack is capable of.

    Robert.
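
The shared key / algorithm requirement described in the reply above, written out as a manually keyed setkey configuration. This is an added example, not part of the original thread and not tested on the stack discussed here. It assumes a setkey that accepts a multicast destination in `add`; the SPI, the algorithm choices and the key placeholders are constructed.

```conf
# Added illustration with constructed values; load with: setkey -f <file>
#
# The security association is addressed to the group 231.0.0.1 rather than
# to a single host, so every member must install an identical entry:
# same SPI, same algorithms, same keys.

# --- On ALL members (sender 10.4.0.7 and every receiver) ---
# SPI 0x1000 is constructed. <ENC_KEY_HEX> and <AUTH_KEY_HEX> are
# placeholders for the shared 128-bit cipher key and 160-bit HMAC key.
add 10.4.0.7 231.0.0.1 esp 0x1000
    -E rijndael-cbc 0x<ENC_KEY_HEX>
    -A hmac-sha1 0x<AUTH_KEY_HEX>;

# --- On the sender (10.4.0.7) only ---
# Outbound policy from the original post: traffic to the group needs ESP.
spdadd 10.4.0.7 231.0.0.1 any -P out ipsec esp/transport//require;

# --- On each receiver only ---
# Inbound policy: accept group traffic from 10.4.0.7 only if it arrived
# under the ESP association above.
spdadd 10.4.0.7 231.0.0.1 any -P in ipsec esp/transport//require;
```

Because every member holds the same symmetric keys, any member can produce packets that the others accept as coming from 10.4.0.7, and removing a member means distributing new keys to all the rest. Those are the group key management problems that RFC 3740 covers.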