Kevin C. Almeroth wrote:
>>>Multicast is necessarily a LOT weaker:
>>>
>>> 1) I can get a copy of packets by normal operation
>>> (join a group). there is no equivalent for UDP,
>>> notably for paths that aren't shared.
>>
>
> Again, not in all cases. You over-simplify the effectiveness of scoping.

Unicast has TTLs too.

> You can't have it both ways. Yes, there is a situation where you can obtain
> a copy of a multicast packet through standard operation. But the fact
> that scoping and addressing make it non-trivial

Agreed - scoping sets some boundaries, but it's primitive as a 'security' mechanism, because everyone within those boundaries can very easily get a packet. The same is just not nearly as true for unicast.

>>> 2) UDP has application, network, and tunnel encryption that
>>> is both widely deployed and widely used. there is
>>> no equivalent for multicast.
>
> I disagree... a number of commercial multicast apps have encryption.

Agreed. What I am asserting (by the above) is that security is clearly important to the average user, and that the average user won't accept obfuscation as a solution.

Joe