Hi,
Yes, IPsec allows for a Class D address (multicast)
with no change. As far as a multicast receiver is
concerned, the packet will be an IPsec packet that
will be treated in the usual IPsec manner.
The IPsec indexing triplet <SPI, DestAddr, ProtocolType>
remains the same.
The problem is that IKE is a pairwise key/SA establishment
protocol, which cannot be used as is within a group/multicast
context.
The MSEC WG is working precisely on this topic.
Their drafts can be found on www SecureMulticast.org.
cheers,
thomas
------
At 4/4/01||12:58 AM, you wrote:
hi,
Does any one have any idea if we can use IPSec with
multicast address. In RFC-2401 I have read
"In principle, the Destination Address may be a
unicast address, an IP broadcast address, or a
multicast group address. However, IPsec SA management
mechanisms currently are defined only for unicast
SAs."
they have explained how to use multicast address in
IPSec SA, in principle.
but this RFC was published in 1998. nothing changed
till now?
thanks
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/