Multicast Extensions to the Security Architecture for the Internet Protocol

Ignjatic, Dragan; Gross, George; Weis, Brian

doi:10.17487/rfc5374

Cited by 36 publications

(38 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Note: As using IPsec with multicast has additional complexities (see [RFC5374]), relay agents SHOULD be configured to forward DHCP messages to unicast addresses.…”

Section: Requirements Language and Terminologymentioning

confidence: 99%

Security of Messages Exchanged between Servers and Relay Agents

Pal¹,

Volz²

2017

View full text Add to dashboard Cite

The Dynamic Host Configuration Protocol for IPv4 (DHCPv4) has no guidance for how to secure messages exchanged between servers and relay agents. The Dynamic Host Configuration Protocol for IPv6 (DHCPv6) states that IPsec should be used to secure messages exchanged between servers and relay agents but does not require encryption. With recent concerns about pervasive monitoring and other attacks, it is appropriate to require securing relay-to-relay and relay-to-server communication for DHCPv6 and relay-to-server communication for DHCPv4.

show abstract

“…Note: As using IPsec with multicast has additional complexities (see [RFC5374]), relay agents SHOULD be configured to forward DHCP messages to unicast addresses.…”

Section: Requirements Language and Terminologymentioning

confidence: 99%

Security of Messages Exchanged between Servers and Relay Agents

Pal¹,

Volz²

2017

View full text Add to dashboard Cite

show abstract

“…When no authorization is performed, it is possible for a rogue GDOI participant to perpetrate a man-in-the-middle attack between a group member and a GCKS [MP04]. A group member MUST specifically list each authorized GCKS in its Group Peer Authorization Database (GPAD) [RFC5374]. A group member MUST ensure that the Phase 1 identity of the GCKS is an authorized GCKS.…”

Section: Authorizationmentioning

confidence: 99%

“…Authorization A GCKS implementation SHOULD maintain an authorization list of authorized group members. A group member MUST specifically list each authorized GCKS in its Group Peer Authorization Database (GPAD) [RFC5374].…”

Section: Denial-of-service Protectionmentioning

confidence: 99%

See 1 more Smart Citation

The Group Domain of Interpretation

Weis¹,

Rowles²,

Hardjono³

2011

Self Cite

View full text Add to dashboard Cite

show abstract

“…Section 3.1 of "Multicast Extensions to the Security Architecture for the Internet Protocol" [RFC5374] defines a new tunnel mode: tunnel mode with address preservation. This mode copies the destination and optionally the source address from the inner header to the outer header.…”

Section: Applicability Of Tunnel Mode With Address Preservationmentioning

confidence: 99%

Applicability of Keying Methods for RSVP Security

Behringer¹,

Le²,

Weis³

2011

Self Cite

View full text Add to dashboard Cite

The Resource reSerVation Protocol (RSVP) allows hop-by-hop integrity protection of RSVP neighbors. This requires messages to be cryptographically protected using a shared secret between participating nodes. This document compares group keying for RSVP with per-neighbor or per-interface keying, and discusses the associated key provisioning methods as well as applicability and limitations of these approaches. This document also discusses applicability of encrypting RSVP messages.

show abstract

Multicast Extensions to the Security Architecture for the Internet Protocol

Cited by 36 publications

References 15 publications

Security of Messages Exchanged between Servers and Relay Agents

Security of Messages Exchanged between Servers and Relay Agents

The Group Domain of Interpretation

Applicability of Keying Methods for RSVP Security

Contact Info

Product

Resources

About