
RE: [STDS-802-21] NISTIR 7298 link



Hi, 

I can only see the preceding message in this thread for some reason.  (I am assuming this is a TGd thread)

Can I ask a clarifying question? 

Are we protecting access to multicast content, or protecting users' data streams from being rehomed passed to another link due to someone else's movement?

If we are authenticating or keying for multicast content protection, then the group keying mechanisms from MSEC are applicable.

If we are performing authentication to prevent content stealing or DoS, it is still possible we are looking at a one-to-one trust mechanism, where the wireless client proves its identity to the network, and the network determines if it has a trust chain back to an authority trusted by the client.

How this proof of trust occurs is orthogonal to the base signalling mechanism, and could be an existing two-party certificate exchange system, or group-oriented.

The host is effectively only in one (or a few places) at a time, and when the device proves that it is valid for Unicast, it also proves it is valid for Multicast (but may not be selecting to move its streams).


Sincerely,

Greg

> Hi Charles,
> 
> (2012/07/19 7:04), Charles E. Perkins wrote:
> > Hello folks,
> >
> > Here are some materials on secure multicast.
> >       http://datatracker.ietf.org/wg/msec/charter/
> >
> > Please let me know whether these are applicable, and what else might
> > be needed for securing wide-area multicast.
> >
> > While I do see that neighboring MIH domains have use cases for
> > multicast, I am confused about how it might be that such use cases
> > could apply to groups of networks with thousands of PoSs.
> 
> If IP multicast is always available to support groups of networks with
> thousands of PoSs, then we should just use it, but my point is that is not
> always the case (i.e., there may be some router that does not support IP
> multicast).  I think application-layer multicast can fill the gap.  On the
> other hand, application-layer multicast does not have to be based on
> RELOAD/DHT.
> 
> Regards,
> Yoshihiro Ohba
> 

Greg Daley 
Solutions Architect
Logicalis Australia Pty Ltd
gdaley@xxxxxxxxxxxxxxxx
t +61 3 8532 4042
m +61 401 772 770