Re: Re: Re: [ssm] SSM with IPSec
Hugh Holbrook <holbrook@cisco.com> Wed, 15 January 2003 17:49 UTC
Received: from www1.ietf.org (ietf.org [132.151.1.19] (may be forged)) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04925 for <ssm-archive@lists.ietf.org>; Wed, 15 Jan 2003 12:49:53 -0500 (EST)
Received: from www1.ietf.org (localhost.localdomain [127.0.0.1]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0FI4LJ29830; Wed, 15 Jan 2003 13:04:22 -0500
Received: from ietf.org (odin.ietf.org [132.151.1.176]) by www1.ietf.org (8.11.6/8.11.6) with ESMTP id h0FHvcJ29516 for <ssm@optimus.ietf.org>; Wed, 15 Jan 2003 12:57:38 -0500
Received: from sj-msg-core-1.cisco.com (ietf-mx.ietf.org [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id MAA04722 for <ssm@ietf.org>; Wed, 15 Jan 2003 12:42:24 -0500 (EST)
Received: from holbrook-laptop.cisco.com (sjc-vpn1-676.cisco.com [10.21.98.164]) by sj-msg-core-1.cisco.com (8.12.2/8.12.2) with ESMTP id h0FHjbFp026386; Wed, 15 Jan 2003 09:45:37 -0800 (PST)
Received: by holbrook-laptop.cisco.com (Postfix, from userid 500) id 9E3FD10B7A7; Wed, 15 Jan 2003 12:43:22 -0500 (EST)
From: Hugh Holbrook <holbrook@cisco.com>
To: Toerless Eckert <eckert@cisco.com>
Cc: Hugh Holbrook <holbrook@cisco.com>, Brad Huntting <huntting@glarp.com>, ssm@ietf.org, mbaugher@cisco.com, bew@cisco.com
In-reply-to: <20030115171137.GK2103@cypher.cisco.com>
Subject: Re: Re: Re: [ssm] SSM with IPSec
Reply-To: holbrook@cisco.com
Message-Id: <20030115174322.9E3FD10B7A7@holbrook-laptop.cisco.com>
Date: Wed, 15 Jan 2003 12:43:22 -0500
Sender: ssm-admin@ietf.org
Errors-To: ssm-admin@ietf.org
X-BeenThere: ssm@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=unsubscribe>
List-Id: Source-Specific Multicast <ssm.ietf.org>
List-Post: <mailto:ssm@ietf.org>
List-Help: <mailto:ssm-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/ssm>, <mailto:ssm-request@ietf.org?subject=subscribe>
I'm not sure. I think it will be somewhat easier but I suspect not "much easier" to do an SSM-only solution. But I don't know and I'm waiting to see the msec proposal. I do think it would be prudent to take your points under consideration when looking at the msec proposal, though. -Hugh > Date: Wed, 15 Jan 2003 09:11:37 -0800 > From: Toerless Eckert <eckert@cisco.com> > Cc: Brad Huntting <huntting@glarp.com>, ssm@ietf.org, > mbaugher@cisco.com, bew@cisco.com > > On Wed, Jan 15, 2003 at 11:48:22AM -0500, Hugh Holbrook wrote: > > > > I agree with you, and I didn't mean to imply that this was an SSM-only > > problem. NTP is a good example of an ASM app that has the same > > problem. The fact that this problem occurs with ASM is a complicating > > factor in determining the right solution (which is a major reason that > > I don't want to tackle it in SSM). > > I don't yet understand the details of the key management yet, but > correct me if i'm wrong: Wouldn't a solution with channel-only > support (eg: SSM only) be able to be much easier than one that > needs to support a multi-source group concept ? Given that simplicity > is one key argument for SSM, it would be good if the security solution > in support of SSM was not necessarily encumbered by additional > complexity only required for ASM. Eg: probably have two approaches, > one that will only work with SSM and one which will work for ASM > but of course also SSM. > > Wrong line of thought ? _______________________________________________ ssm mailing list ssm@ietf.org https://www1.ietf.org/mailman/listinfo/ssm
- [ssm] SSM with IPSec Hugh Holbrook
- Re: [ssm] SSM with IPSec Brian Haberman
- Re: [ssm] SSM with IPSec Brad Huntting
- Re: Re: [ssm] SSM with IPSec Hugh Holbrook
- Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: [ssm] SSM with IPSec Toerless Eckert
- Re: Re: Re: [ssm] SSM with IPSec Hugh Holbrook
- Re: Re: Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: Re: [ssm] SSM with IPSec Toerless Eckert
- Re: Re: Re: [ssm] SSM with IPSec Mark Baugher
- Re: Re: Re: [ssm] SSM with IPSec Toerless Eckert