[120520] in North American Network Operators' Group
Re: IGMP and PIM protection
daemon@ATHENA.MIT.EDU (Scott Morris)
Wed Dec 23 09:28:12 2009
Date: Wed, 23 Dec 2009 09:24:44 -0500
From: Scott Morris <swm@emanon.com>
To: Glen Kent <glen.kent@gmail.com>
In-Reply-To: <92c950310912230617x34a84839o4fb9c74f2337f880@mail.gmail.com>
Cc: nanog@nanog.org
Reply-To: swm@emanon.com
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

So we're looking to complicate things for the sake of complicating
them? Using a predictable "security" doesn't exactly make things secure,
does it?

On the links that you are running PIM or IGMP on, do you not have a
predictable set of clients and therefore problems? Or are we trying to
protect against something I'm not thinking of? ;)

Scott

Glen Kent wrote:
>> Would encrypting multicast not fundamentally break the concept of multicast
>> itself, unless you're encrypting multicast traffic over a backbone?
>>
>>
>
> No, I wasn't alluding to encrypting the multicast traffic. I was
> thinking of using ESP-NULL (AH is optional) for the IGMP/PIM packets.
>
> Affably,
> Kent