Network Working Group                                        T. Hardjono
Request for Comments: 3740                                      Verisign
Category: Informational                                          B. Weis
                                                                   Cisco
                                                              March 2004


               The Multicast Group Security Architecture

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2004).  All Rights Reserved.

Abstract

   This document provides an overview and rationale of the multicast
   security architecture used to secure data packets of large multicast
   groups.  The document begins by introducing a Multicast Security
   Reference Framework, and proceeds to identify the security services
   that may be part of a secure multicast solution.

Table of Contents

   1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  2
      1.1. Scope. . . . . . . . . . . . . . . . . . . . . . . . . .  2
      1.2. Summary of Contents of Document. . . . . . . . . . . . .  3
      1.3. Audience . . . . . . . . . . . . . . . . . . . . . . . .  4
      1.4. Terminology. . . . . . . . . . . . . . . . . . . . . . .  4
   2. Architectural Design: The Multicast Security Reference
      Framework. . . . . . . . . . . . . . . . . . . . . . . . . . .  4
      2.1. The Reference Framework. . . . . . . . . . . . . . . . .  4
      2.2. Elements of the Centralized Reference Framework. . . . .  5
           2.2.1. Group Controller and Key Server. . . . . . . . .  6
           2.2.2. Sender and Receiver. . . . . . . . . . . . . . .  7
           2.2.3. Policy Server. . . . . . . . . . . . . . . . . .  7
      2.3. Elements of the Distributed Reference Framework. . . . .  8
   3. Functional Areas . . . . . . . . . . . . . . . . . . . . . . .  9
      3.1. Multicast Data Handling. . . . . . . . . . . . . . . . .  9
      3.2. Group Key Management . . . . . . . . . . . . . . . . . . 10
      3.3. Multicast Security Policies. . . . . . . . . . . . . . . 11
   4. Group Security Associations (GSA). . . . . . . . . . . . . . . 12
      4.1. The Security Association . . . . . . . . . . . . . . . . 12

Hardjono & Weis              Informational