Re: [Freeipa-devel] Multicast SSL for Server Broadcast

2010-10-05 Thread Rob Townley
On Tue, Oct 5, 2010 at 4:25 PM, Simo Sorce wrote:
> On Tue, 5 Oct 2010 12:25:30 -0500
> Rob Townley wrote:
>
>> i was just wondering if multicast ssl (or multicast over a vpn such as
>> IPsec) has been considered as a way to efficiently replicate
>> information from one server to all other servers.  i was specifically
>> thinking of multicasting tracking bad password attempts from one
>> server to all the other servers.
>>
>> i don't know anything about multicast ssl except that IBM worked on it
>> in the late 1990's and it was supposed to support reliable transport.
>> It may simplify things if all the servers had the same certificate...
>
> Hi Rob,
> I didn't know you could do reliable multicasting, do you have any
> reference to an RFC or other document?
>
> Anyway the main problem would be changing quite drastically the
> replication engine. It would also have impact over the replication
> topology. Something we should think about, but it's going to be a very
> long term thing. The amount of changes required to do something like
> that looks quite big.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>

Yes, when i think of multicast, i think udp, therefore unreliable.  i
do not know a thing about securing multicast communications.

But one example is GSAKMP or Group Secure Association Key Management
Protocol from the msec group.
msec = Multicast Security is a group with a list of rfcs for security
as recent as 2010.
http://datatracker.ietf.org/wg/msec/charter/
http://tools.ietf.org/html/rfc4535

SecureMulticast.org was the first result of googling "multicast ssl"
and a search at the IETF returned some results, all of which expired
around ten years ago.
At http://datatracker.ietf.org/doc/search/ enter the terms secure
multicast, but many of these expired around 10 years ago.

i am sure there are other secure multicast methods and of course just
doing multicast over a VPN or IPsec.

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel


Re: [Freeipa-devel] Multicast SSL for Server Broadcast

2010-10-05 Thread Simo Sorce
On Tue, 5 Oct 2010 12:25:30 -0500
Rob Townley wrote:

> i was just wondering if multicast ssl (or multicast over a vpn such as
> IPsec) has been considered as a way to efficiently replicate
> information from one server to all other servers.  i was specifically
> thinking of multicasting tracking bad password attempts from one
> server to all the other servers.
> 
> i don't know anything about multicast ssl except that IBM worked on it
> in the late 1990's and it was supposed to support reliable transport.
> It may simplify things if all the servers had the same certificate...

Hi Rob,
I didn't know you could do reliable multicasting, do you have any
reference to an RFC or other document?

Anyway the main problem would be changing quite drastically the
replication engine. It would also have impact over the replication
topology. Something we should think about, but it's going to be a very
long term thing. The amount of changes required to do something like
that looks quite big.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York
