[120533] in North American Network Operators' Group
Re: IGMP and PIM protection
daemon@ATHENA.MIT.EDU (Anton Kapela)
Wed Dec 23 17:33:01 2009
In-Reply-To: <00fa01ca83e4$17e387d0$47aa9770$@net>
Date: Wed, 23 Dec 2009 17:32:11 -0500
From: Anton Kapela <tkapela@gmail.com>
To: Stefan Fouant <sfouant@shortestpathfirst.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Wed, Dec 23, 2009 at 10:24 AM, Stefan Fouant
<sfouant@shortestpathfirst.net> wrote:
> I think OP meant that he only wants an integrity check of the control
> traffic, not confidentiality, hence the statement that he does not want to
> encrypt the control traffic.
I read the OP to mean this, too.
Musing on the idea for a moment, it would surely be 'nice' to somehow
know that PIM v2 joins from some other network were, in fact, 'good'
or somehow well-formed, rate-limited, and/or somehow 'safe' to accept
& hold state for. However, it seems as if the OP isn't interested in
inter-domain "rp protection" -- and probably more interested in
authenticating more local igmp v2/3 joins for STB's and the like.
Glen, clarify?
-Tk
