Kevin C. Almeroth wrote:

>>> It only requires being on a non-IGMP'd switch or a hub; at that point,
>>> you can snoop the traffic and see any packet going to any multicast group.
>>>
>>> It's much harder to snoop UDP; for non-broadcast, you'd have to be
>>> in-line (on the wire, effectively) or on a hub. While hubs are becoming
>>> less common, they're often being replaced with cheaper non-IGMP-capable
>>> switches. Which means that they're still hubs, as far as multicast
>>> traffic is concerned.
>>
>
> Without a doubt you are right, though I think the degree of difference is
> awful small. Throw hosts with root on switches or through wireless into
> the mix and you are back to being roughly equivalent.

Hosts with root can't snoop anything but broadcast UDP on switches unless
the switch is configurable; many switches aren't.

> However, for any reasonable content provider the difference shouldn't
> matter. If you have sensitive/valuable content, whether it is unicast
> or multicast, it should be protected. To say that multicast isn't being
> used because there isn't security is a non sequitur.

There certainly may be more immediate concerns (scalability, accounting,
etc.), but that doesn't mean security isn't a concern.

> Better yet, try RFC3171. Bottom-line: there are weak links in the chain.
> But, if those weak links weren't there, other links would be weak links,
> and THOSE weak links would still be weak enough to require using encryption.
> It just so happens that the weak multicast links are only a bit weaker than
> the unicast links. Understand that convoluted logic? :-)

Not quite; as Valdis observes, multicast is necessarily a LOT weaker:

1) I can get a copy of packets by normal operation (join a group).
   There is no equivalent for UDP, notably for paths that aren't shared.

2) UDP has application, network, and tunnel encryption that is both
   widely deployed and widely used. There is no equivalent for multicast.

Joe