A new IETF working group has been proposed in the Security Area.
The IESG has not made any determination as yet.
The following Description was submitted, and is provided for
informational purposes only:
Multicast Security (msec)
-------------------------
Current Status: Proposed Working Group
Mailing Lists:
General Discussion: [EMAIL PROTECTED]
To Subscribe: [EMAIL PROTECTED]
In Body: subscribe
Archive: http://www.pairlist.net/mailman/listinfo/msec
Description of Working Group:
The purpose of the MSEC WG is to standardize protocols for securing
group communication over internets, and in particular over the global
Internet. Initial efforts will focus on scalable solutions for groups
with a single source and a very large number of recipients. Additional
emphasis will be put on groups where the data is transmitted via
IP-layer multicast routing protocols (with or without guaranteed
reliability). The developed standard will assume that each group has a
single trusted entity (the Group Controller) that sets the security
policy and controls the group membership. The standard will strive to
provide at least the following basic security guarantees:
+ Only legitimate group members will have access to current group
communication. This includes groups with highly dynamic membership.
+ Legitimate group members will be able to authenticate the source
and contents of the group communication. This includes cases where
group members do not trust each other.
An additional goal of the standard will be to protect against
denial-of-service attacks, whenever possible.
Due to the large number of one-to-many multicast applications and the
sometimes conflicting requirements these applications exhibit, it is
believed that a single protocol will be unable to meet the requirements
of all applications. Therefore, the WG will first specify a general
framework that includes a number of "functional building blocks". Each
such building block will be instantiated by one or more protocols that
will be interchangeable. The functional building blocks and
protocols developed at the SMUG Research Group of the IRTF will be used
as the starting point for the work of MSEC. Specifically, the following
functional building-blocks will be the basis of the standard:
(BB1) Data security transforms functional building block. This building
block provides for group and source authentication and group
secrecy, assuming that the parties hold the necessary
cryptographic keys. This BB will support both IP-layer and
transport/application layer security services.
(BB2) Group key management and group security association (GSA)
functional building block. This building block makes sure that
the group members have the cryptographic keys needed for BB1.
This includes secure generation, distribution, and update of
the cryptographic keys.
(BB3) Group policy management functional building block. This building
block provides means for determination and dissemination of group
security policy that governs the behavior of BB1 and BB2.
(It is stressed that MSEC will not address general policy
management issues, and will concentrate on mechanisms required
for BB1 and BB2.)
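As an added illustration (not part of the charter or of any SMUG draft), the following Python sketch shows the BB1 source-authentication case where group members do not trust each other: a MAC under a shared group key lets any member forge, whereas a TESLA-style delayed-key-disclosure scheme (simplified here, not the draft-irtf-smug-tesla-00 wire format) lets receivers authenticate the single source. The seed, payloads and packet timing are constructed for the example.

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def key_chain(seed: bytes, n: int) -> list:
    # One-way chain K_0 <- K_1 <- ... <- K_n with K_{i-1} = H(K_i), K_n = seed.
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    chain.reverse()
    return chain

def tag(key: bytes, idx: int, payload: bytes) -> bytes:
    return hmac.new(key, idx.to_bytes(4, "big") + payload, hashlib.sha256).digest()

class Receiver:
    def __init__(self, commitment: bytes):
        self.k0 = commitment       # K_0, learned over an authenticated channel
        self.disclosed_upto = 0    # highest index whose key is already public
        self.pending = {}          # idx -> (payload, tag) waiting for its key
        self.accepted = []

    def on_packet(self, idx: int, payload: bytes, t: bytes) -> bool:
        # Security condition: buffer only if K_idx cannot be public yet,
        # so a member who learned K_idx from a disclosure cannot forge.
        if idx <= self.disclosed_upto:
            return False
        self.pending[idx] = (payload, t)
        return True

    def on_disclosure(self, idx: int, key: bytes) -> bool:
        # Authenticate the disclosed key: H^idx(K_idx) must equal K_0.
        k = key
        for _ in range(idx):
            k = h(k)
        if k != self.k0:
            return False
        self.disclosed_upto = max(self.disclosed_upto, idx)
        if idx in self.pending:
            payload, t = self.pending.pop(idx)
            if hmac.compare_digest(t, tag(key, idx, payload)):
                self.accepted.append(payload)
        return True

def demo() -> tuple:
    keys = key_chain(b"constructed-seed", 4)   # constructed sender seed
    rx = Receiver(keys[0])
    rx.on_packet(1, b"price update 1", tag(keys[1], 1, b"price update 1"))
    rx.on_disclosure(1, keys[1])               # sender discloses K_1 later
    # Any member now knows K_1, but index 1 is no longer accepted for buffering.
    forged_ok = rx.on_packet(1, b"forged", tag(keys[1], 1, b"forged"))
    bogus_ok = rx.on_disclosure(2, b"not on the chain")
    return rx.accepted, forged_ok, bogus_ok
```

In the real protocol the "cannot be public yet" condition is enforced with loosely synchronised clocks and a disclosure delay rather than the index bookkeeping used here.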
MSEC will work closely with the Secure Multicast (SMUG) and Reliable
Multicast (RMRG) IRTF research groups, and with the Multicast Transport
(RMT), IP Security (IPsec) and Policy (Policy Framework and IPSP) WGs of
the IETF.
DELIVERABLES
MSEC will generate at least the following documents:
1 An informational RFC describing the security requirements and
problem-space for group and multicast security for one-to-many
communications.
This RFC will be based on draft-irtf-smug-taxonomy-01.txt.
2 An informational RFC that specifies the overall framework for
the solution. This includes specifying the general functionality
of the building blocks and their inter-relations.
This RFC will be based on draft-irtf-smug-framework-01.txt.
3 RFCs detailing the structure and functionality of each
building block.
These RFCs will be based on:
draft-irtf-smug-data-transforms-00.txt
draft-irtf-smug-gkmbb-gsadef-01.txt
draft-irtf-smug-mcast-policy-01.txt
4 Standards-track RFCs describing specific protocols that instantiate
each one of the functional building blocks. At least one protocol for
instantiating each building block will be standardized.
Some of these RFCs will be based on:
draft-irtf-smug-gdoi-00.txt
draft-harney-sparta-gsakmp-sec-02.txt
draft-irtf-smug-tesla-00.txt