Re: DTLS and multicast - Openssl

This is a discussion on Re: DTLS and multicast - Openssl ; Yes, SRTP would be a solution, or my own RTP profile would be a solution. About DTLS: where is the problem with multicast: it simply does not havea method of sharing the keys OR it won't send the encrypting datagrams ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: DTLS and multicast

  1. Re: DTLS and multicast

    Yes, SRTP would be a solution, or my own RTP profile would be a solution.
    About DTLS: where is the problem with multicast: it simply does not havea method of sharing the keys OR it won't send the encrypting datagrams to a multicast address?
    Thank you very much,
    Andrei



    ----- Original Message ----
    From: Ariel Salomon
    To: "openssl-users@openssl.org"
    Sent: Friday, June 13, 2008 5:23:43 PM
    Subject: Re: DTLS and multicast


    hi Andrei,

    ** DTLS does not support multicast.* For multicast group security, you should look into the IETF MSEC group standards for key distribution, which can be used for SRTP.

    * - Ariel

    Andrei Iarus wrote:
    ***Hello,
    *
    Does DTLS support multicasting and if yes, does the OpenSSL implementation support it? I need to secure some kind of RTP transmission that uses multicast.
    *
    Thank you.



    --
    - Ariel Salomon / SeniorSoftware Engineer
    Real-Time Innovations (RTI) / www.rti.com
    408 990-7439 / ariel@rti.com

    RTI - The Real-Time Middleware Experts





  2. Re: DTLS and multicast

    It doesn't have a method for sharing the keys. Since TLS (and DTLS)
    are designed to prevent man-in-the-middle attacks, each endpoint adds
    its own parameters to the cryptographic mishmash during the key
    negotiation phase. This would require each multicast listener to get
    its own specially-encrypted stream, which would defeat the purpose of
    multicasting.

    -Kyle H

    On Fri, Jun 13, 2008 at 2:43 PM, Andrei Iarus wrote:
    > Yes, SRTP would be a solution, or my own RTP profile would be a solution.
    >
    > About DTLS: where is the problem with multicast: it simply does not have a
    > method of sharing the keys OR it won't send the encrypting datagrams to a
    > multicast address?
    >
    >
    >
    > Thank you very much,
    >
    > Andrei
    >
    > ----- Original Message ----
    > From: Ariel Salomon
    > To: "openssl-users@openssl.org"
    > Sent: Friday, June 13, 2008 5:23:43 PM
    > Subject: Re: DTLS and multicast
    >
    >
    > hi Andrei,
    >
    > DTLS does not support multicast. For multicast group security, you
    > should look into the IETF MSEC group standards for key distribution, which
    > can be used for SRTP.
    >
    > - Ariel
    >
    > Andrei Iarus wrote:
    >
    > Hello,
    >
    > Does DTLS support multicasting and if yes, does the OpenSSL implementation
    > support it? I need to secure some kind of RTP transmission that uses
    > multicast.
    >
    > Thank you.
    >
    >
    > --
    > - Ariel Salomon / Senior Software Engineer
    > Real-Time Innovations (RTI) / www.rti.com
    > 408 990-7439 / ariel@rti.com
    >
    > RTI - The Real-Time Middleware Experts
    >
    >

    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread