Re: Re: [ssm] SSM with IPSec

Toerless Eckert <eckert@cisco.com> Wed, 15 January 2003 17:19 UTC

Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04029 for <ssm-archive@lists.ietf.org>; Wed, 15 Jan 2003 12:19:35 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0FHY2J27637; Wed, 15 Jan 2003 12:34:02 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0FHNbJ27016 for <ssm@optimus.ietf.org>; Wed, 15 Jan 2003 12:23:37 -0500
Received: from sj-msg-core-3.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA03511 for <ssm@ietf.org>; Wed, 15 Jan 2003 12:08:24 -0500 (EST)
Received: from cisco.com (cypher.cisco.com [171.69.11.143]) by sj-msg-core-3.cisco.com (8.12.2/8.12.2) with ESMTP id h0FHB2jS006270; Wed, 15 Jan 2003 09:11:02 -0800 (PST)
Received: (from eckert@localhost) by cisco.com (8.8.8/2.6/Cisco List Logging/8.8.8) id JAA21423; Wed, 15 Jan 2003 09:11:37 -0800 (PST)
Date: Wed, 15 Jan 2003 09:11:37 -0800
From: Toerless Eckert <eckert@cisco.com>
To: Hugh Holbrook <holbrook@cisco.com>
Cc: Brad Huntting <huntting@glarp.com>, ssm@ietf.org, mbaugher@cisco.com, bew@cisco.com
Subject: Re: Re: [ssm] SSM with IPSec
Message-ID: <20030115171137.GK2103@cypher.cisco.com>
References: <200301151557.h0FFv5Lq041831@hunkular.glarp.com> <20030115164822.6B2EF10B7A7@holbrook-laptop.cisco.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20030115164822.6B2EF10B7A7@holbrook-laptop.cisco.com>
User-Agent: Mutt/1.4i
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>

On Wed, Jan 15, 2003 at 11:48:22AM -0500, Hugh Holbrook wrote:
> 
> I agree with you, and I didn't mean to imply that this was an SSM-only
> problem.  NTP is a good example of an ASM app that has the same
> problem.  The fact that this problem occurs with ASM is a complicating
> factor in determining the right solution (which is a major reason that
> I don't want to tackle it in SSM).

I don't yet understand the details of the key management yet, but
correct me if i'm wrong: Wouldn't a solution with channel-only
support (eg: SSM only) be able to be much easier than one that
needs to support a multi-source group concept ? Given that simplicity
is one key argument for SSM, it would be good if the security solution
in support of SSM was not necessarily encumbered by additional
complexity only required for ASM. Eg: probably have two approaches,
one that will only work with SSM and one which will work for ASM
but of course also SSM.

Wrong line of thought ?
_______________________________________________
ssm mailing list
ssm@ietf.org
https://www1.ietf.org/mailman/listinfo/ssm