Scalable Multicast Key Distribution



Network Working Group                                       A. Ballardie
Request for Comments: 1949                     University College London
Category: Experimental                                          May 1996


                  Scalable Multicast Key Distribution

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Abstract

   The benefits of multicasting are becoming ever-more apparent, and its
   use much more widespread. This is evident from the growth of the
   MBONE [1]. Providing security services for multicast, such as traffic
   integrity, authentication, and confidentiality, is particularly
   problematic since it requires securely distributing a group (session)
   key to each of a group's receivers.  Traditionally, the key
   distribution function has been assigned to a central network entity,
   or Key Distribution Centre (KDC), but this method does not scale for
   wide-area multicasting, where group members may be widely-distributed
   across the internetwork, and a wide-area group may be densely
   populated.

   Even more problematic is the scalable distribution of sender-specific
   keys. Sender-specific keys are required if data traffic is to be
   authenticated on a per-sender basis.

   This memo provides a scalable solution to the multicast key
   distribution problem.

   NOTE: this proposal requires some simple support mechanisms, which,
   it is recommended here, be integrated into version 3 of IGMP. This
   support is described in Appendix B.

1.  Introduction

   Growing concern about the integrity of Internet communication [13]
   (routing information and data traffic) has led to the development of
   an Internet Security Architecture, proposed by the IPSEC working
   group of the IETF [2]. The proposed security mechanisms are
   implemented at the network layer - the layer of the protocol stack at
   which networking resources are best protected [3].




Ballardie                     Experimental