It doesn't have a method for sharing the keys.  Since TLS (and DTLS)
are designed to prevent man-in-the-middle attacks, each endpoint adds
its own parameters to the cryptographic mishmash during the key
negotiation phase.  This would require each multicast listener to get
its own specially-encrypted stream, which would defeat the purpose of
multicasting.

-Kyle H

On Fri, Jun 13, 2008 at 2:43 PM, Andrei Iarus <[EMAIL PROTECTED]> wrote:
> Yes, SRTP would be a solution, or my own RTP profile would be a solution.
>
> About DTLS: where is the problem with multicast: it simply does not have a
> method of sharing the keys OR it won't send the encrypting datagrams to a
> multicast address?
>
>
>
> Thank you very much,
>
> Andrei
>
> ----- Original Message ----
> From: Ariel Salomon <[EMAIL PROTECTED]>
> To: "openssl-users@openssl.org" <openssl-users@openssl.org>
> Sent: Friday, June 13, 2008 5:23:43 PM
> Subject: Re: DTLS and multicast
>
>
> hi Andrei,
>
>    DTLS does not support multicast.  For multicast group security, you
> should look into the IETF MSEC group standards for key distribution, which
> can be used for SRTP.
>
>   - Ariel
>
> Andrei Iarus wrote:
>
>    Hello,
>
> Does DTLS support multicasting and if yes, does the OpenSSL implementation
> support it? I need to secure some kind of RTP transmission that uses
> multicast.
>
> Thank you.
>
>
> --
>  - Ariel Salomon / Senior Software Engineer
> Real-Time Innovations (RTI) / www.rti.com
> 408 990-7439 / [EMAIL PROTECTED]
>
> RTI - The Real-Time Middleware Experts
>
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
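
The point in the top reply, as an added example that is not part of the original thread or of OpenSSL: every handshake mixes the listener's own random value into the key derivation, so one sender ends up with one key and one ciphertext per listener, while a group key distributed out of band gives a single ciphertext. It uses the TLS 1.2 master-secret PRF from RFC 5246 (the DTLS of this thread's era used the older TLS 1.1 PRF), and the function names, the constructed payload and the HMAC keystream standing in for a real cipher are assumptions.

```python
import hashlib
import hmac
import os


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash from RFC 5246 section 5, using HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # master_secret = PRF(pre_master_secret, "master secret",
    #                     ClientHello.random + ServerHello.random)[0..47]
    return p_sha256(pre_master, b"master secret" + client_random + server_random, 48)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream, so no AES library is
    # needed. Real (D)TLS expands the master secret into write keys first.
    stream = p_sha256(key, b"constructed keystream", len(data))
    return bytes(x ^ y for x, y in zip(data, stream))


def per_listener_ciphertexts(packet: bytes, listeners: int) -> list:
    """What a DTLS sender would have to emit: one ciphertext per handshake."""
    server_random = os.urandom(32)  # the sender's contribution
    pre_master = os.urandom(48)     # held equal across sessions on purpose
    out = []
    for _ in range(listeners):
        client_random = os.urandom(32)  # each listener's own contribution
        key = master_secret(pre_master, client_random, server_random)
        out.append(keystream_xor(key, packet))
    return out


def group_key_ciphertext(packet: bytes, group_key: bytes) -> bytes:
    """Group-key model: one key distributed out of band, one ciphertext for all."""
    return keystream_xor(group_key, packet)


if __name__ == "__main__":
    rtp = b"constructed RTP payload"  # constructed sample, not real traffic
    for ct in per_listener_ciphertexts(rtp, 3):
        print("per-listener:", ct.hex())
    print("group key:   ", group_key_ciphertext(rtp, os.urandom(32)).hex())
```

Even with the pre-master secret and the sender's random held fixed, the three listeners end up with three different ciphertexts of the same packet, which cannot be sent once to a multicast address.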
