ietf

Re: MBone

2002-09-23 14:11:23
Kevin C. Almeroth wrote:
Multicast is necessarily a LOT weaker:

    1) I can get a copy of packets by normal operation
    (join a group). there is no equivalent for UDP,
    notably for paths that aren't shared.


Again, not in all cases.  You over-simplify the effectiveness of scoping.

Unicast has TTLs too.

You can't have it both ways.  Yes, there is a situation where you can obtain
a copy of a multicast packet through standard operation.  But the fact
that scoping and addressing make it non-trivial

Agreed - scoping sets some boundaries, but it's primitive as a
'security' mechanism, because everyone within those boundaries can very
easily get a packet.

The same is just not nearly as true for unicast.

    2) UDP has application, network, and tunnel encryption that
    is both widely deployed and widely used. there is
    no equivalent for multicast.

I disagree...  a number of commercial multicast apps have encryption.

Agreed. What I am asserting (by the above) is that security is clearly
important to the average user, and that the average user won't accept
obfuscation as a solution.

Joe


