Re: Re: Re: [ssm] SSM with IPSec

Hugh Holbrook <holbrook@cisco.com> Wed, 15 January 2003 17:49 UTC

From: Hugh Holbrook <holbrook@cisco.com>
To: Toerless Eckert <eckert@cisco.com>
Cc: Hugh Holbrook <holbrook@cisco.com>, Brad Huntting <huntting@glarp.com>, ssm@ietf.org, mbaugher@cisco.com, bew@cisco.com
In-reply-to: <20030115171137.GK2103@cypher.cisco.com>
Subject: Re: Re: Re: [ssm] SSM with IPSec
Reply-To: holbrook@cisco.com
Message-Id: <20030115174322.9E3FD10B7A7@holbrook-laptop.cisco.com>
Date: Wed, 15 Jan 2003 12:43:22 -0500

I'm not sure.

I think it will be somewhat easier but I suspect not "much easier" to
do an SSM-only solution.  But I don't know and I'm waiting to see the
msec proposal.  I do think it would be prudent to take your points
under consideration when looking at the msec proposal, though.

-Hugh

> Date: Wed, 15 Jan 2003 09:11:37 -0800
> From: Toerless Eckert <eckert@cisco.com>
> Cc: Brad Huntting <huntting@glarp.com>, ssm@ietf.org,
> 	mbaugher@cisco.com, bew@cisco.com
> 
> On Wed, Jan 15, 2003 at 11:48:22AM -0500, Hugh Holbrook wrote:
> > 
> > I agree with you, and I didn't mean to imply that this was an SSM-only
> > problem.  NTP is a good example of an ASM app that has the same
> > problem.  The fact that this problem occurs with ASM is a complicating
> > factor in determining the right solution (which is a major reason that
> > I don't want to tackle it in SSM).
> 
> I don't yet understand the details of the key management, but
> correct me if I'm wrong: Wouldn't a solution with channel-only
> support (e.g., SSM only) be able to be much easier than one that
> needs to support a multi-source group concept? Given that simplicity
> is one key argument for SSM, it would be good if the security solution
> in support of SSM was not necessarily encumbered by additional
> complexity only required for ASM. E.g.: probably have two approaches,
> one that will only work with SSM and one which will work for ASM
> but of course also SSM.
> 
> Wrong line of thought?
