On Tue, Oct 5, 2010 at 4:25 PM, Simo Sorce <sso...@redhat.com> wrote:
> On Tue, 5 Oct 2010 12:25:30 -0500
> Rob Townley <rob.town...@gmail.com> wrote:
>
>> I was just wondering if multicast SSL (or multicast over a VPN such as
>> IPsec) has been considered as a way to efficiently replicate
>> information from one server to all other servers. I was specifically
>> thinking of multicasting tracking bad password attempts from one
>> server to all the other servers.
>>
>> I don't know anything about multicast SSL except that IBM worked on it
>> in the late 1990's and it was supposed to support reliable transport.
>> It may simplify things if all the servers had the same certificate...
>
> Hi Rob,
> I didn't know you could do reliable multicasting, do you have any
> reference to an RFC or other document?
>
> Anyway the main problem would be changing quite drastically the
> replication engine. It would also have impact over the replication
> topology. Something we should think about, but it's going to be a very
> long term thing. The amount of changes required to do something like
> that looks quite big.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
Yes, when I think of multicast, I think UDP, therefore unreliable. I do not know a thing about securing multicast communications. But one example is GSAKMP or Group Secure Association Key Management Protocol from the msec group. msec = Multicast Security is a group with a list of RFCs for security as recent as 2010.

http://datatracker.ietf.org/wg/msec/charter/
http://tools.ietf.org/html/rfc4535

SecureMulticast.org was the first result of googling "multicast ssl" and a search at the IETF returned some results, all of which expired around ten years ago. At http://datatracker.ietf.org/doc/search/ , enter the terms secure multicast, but many of these expired around 10 years ago.

I am sure there are other secure multicast methods and of course just doing multicast over a VPN or IPsec.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel