It doesn't have a method for sharing the keys. Since TLS (and DTLS) are designed to prevent man-in-the-middle attacks, each endpoint adds its own parameters to the cryptographic mishmash during the key negotiation phase. This would require each multicast listener to get its own specially-encrypted stream, which would defeat the purpose of multicasting.
-Kyle H

On Fri, Jun 13, 2008 at 2:43 PM, Andrei Iarus <[EMAIL PROTECTED]> wrote:
> Yes, SRTP would be a solution, or my own RTP profile would be a solution.
>
> About DTLS: where is the problem with multicast: it simply does not have a
> method of sharing the keys OR it won't send the encrypting datagrams to a
> multicast address?
>
> Thank you very much,
>
> Andrei
>
> ----- Original Message ----
> From: Ariel Salomon <[EMAIL PROTECTED]>
> To: "openssl-users@openssl.org" <openssl-users@openssl.org>
> Sent: Friday, June 13, 2008 5:23:43 PM
> Subject: Re: DTLS and multicast
>
> hi Andrei,
>
> DTLS does not support multicast. For multicast group security, you
> should look into the IETF MSEC group standards for key distribution, which
> can be used for SRTP.
>
> - Ariel
>
> Andrei Iarus wrote:
>
> Hello,
>
> Does DTLS support multicasting and if yes, does the OpenSSL implementation
> support it? I need to secure some kind of RTP transmission that uses
> multicast.
>
> Thank you.
>
> --
> - Ariel Salomon / Senior Software Engineer
> Real-Time Innovations (RTI) / www.rti.com
> 408 990-7439 / [EMAIL PROTECTED]
>
> RTI - The Real-Time Middleware Experts

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
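The point made in the thread, that every handshake mixes in parameters from both endpoints and so yields a different key per listener, shown as an added example that is not part of the original messages. It assumes the TLS 1.2 PRF from RFC 5246 as a stand-in for the DTLS key derivation; the function names are hypothetical and all random inputs are constructed.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def session_key_block(pre_master: bytes, client_random: bytes,
                      server_random: bytes, length: int = 64) -> bytes:
    """Per-connection key material: both peers' randoms feed the derivation."""
    master = prf(pre_master, b"master secret", client_random + server_random, 48)
    return prf(master, b"key expansion", server_random + client_random, length)


def keys_for_listeners(n: int) -> list:
    """One sender handshaking with n listeners (all inputs constructed)."""
    keys = []
    for _ in range(n):
        server_random = os.urandom(32)  # sender's contribution, fresh per handshake
        client_random = os.urandom(32)  # listener's contribution
        pre_master = os.urandom(48)     # stands in for the key-exchange result
        keys.append(session_key_block(pre_master, client_random, server_random))
    return keys


def distinct_streams_needed(n: int) -> int:
    """Number of separately encrypted copies the sender would have to produce."""
    return len(set(keys_for_listeners(n)))


if __name__ == "__main__":
    print("per-listener sessions:", distinct_streams_needed(5), "encrypted streams")
    print("one pre-distributed group key: 1 encrypted stream")
```

A group key handed out by a separate key-distribution protocol, as suggested for SRTP in the quoted reply, is what lets a single ciphertext serve every listener.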