Scalable Multicast Key Distribution
RFC 1949

Document Type RFC - Experimental (May 1996; No errata)
Author Anthony Ballardie 
Last updated 2013-03-02
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 1949 (Experimental)
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       A. Ballardie
Request for Comments: 1949                     University College London
Category: Experimental                                          May 1996

                  Scalable Multicast Key Distribution

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  This memo does not specify an Internet standard of any
   kind.  Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.


   The benefits of multicasting are becoming ever-more apparent, and its
   use much more widespread. This is evident from the growth of the
   MBONE [1]. Providing security services for multicast, such as traffic
   integrity, authentication, and confidentiality, is particularly
   problematic since it requires securely distributing a group (session)
   key to each of a group's receivers.  Traditionally, the key
   distribution function has been assigned to a central network entity,
   or Key Distribution Centre (KDC), but this method does not scale for
   wide-area multicasting, where group members may be widely-distributed
   across the internetwork, and a wide-area group may be densely

   Even more problematic is the scalable distribution of sender-specific
   keys. Sender-specific keys are required if data traffic is to be
   authenticated on a per-sender basis.

   This memo provides a scalable solution to the multicast key
   distribution problem.

   NOTE: this proposal requires some simple support mechanisms, which,
   it is recommended here, be integrated into version 3 of IGMP. This
   support is described in Appendix B.

1.  Introduction

   Growing concern about the integrity of Internet communication [13]
   (routing information and data traffic) has led to the development of
   an Internet Security Architecture, proposed by the IPSEC working
   group of the IETF [2]. The proposed security mechanisms are
   implemented at the network layer - the layer of the protocol stack at
   which networking resources are best protected [3].

Ballardie                     Experimental                      [Page 1]
RFC 1949          Scalable Multicast Key Distribution           May 1996

   Unlike many network layer protocols, the Core Based Tree (CBT)
   multicast protocol [4] makes explicit provision for security; it has
   its own protocol header, unlike existing IP multicast schemes
   [10,11], and other recently proposed schemes [12].

   In this document we describe how the CBT multicast protocol can
   provide for the secure joining of a CBT group tree, and how this same
   process can provide a scalable solution to the multicast key
   distribution problem.  These security services are an integral part
   of the CBT protocol [4]. Their use is optional, and is dependent on
   each individual group's requirements for security. Furthermore, the
   use of the CBT multicast protocol for multicast key distribution does
   not preclude the use of other multicast protocols for the actual
   multicast communication itself, that is, CBT need only be the vehicle
   with which to distribute keys.

   Secure joining implies the provision for authentication, integrity,
   and optionally, confidentiality, of CBT join messages. The scheme we
   describe provides for the authentication of tree nodes (routers) and
    receivers (end-systems) as part of the tree joining process. Key
   distribution (optional) is an integral part of secure joining.

   Network layer multicast protocols, such as DVMRP [7] and M-OSPF [9],
   do not have their own protocol header(s), and so cannot provision for
   security in themselves; they must rely on whatever security is
   provided by IP itself. Multicast key distribution is not addressed to
   any significant degree by the new IP security architecture [2].

   The CBT security architecture is independent of any particular
   cryptotechniques, although many security services, such as
   authentication, are easier if public-key cryptotechniques are

   What follows is an overview of the CBT multicasting. The description
   of our proposal in section 6.1 assumes the reader is reasonably
   familiar with the CBT protocol. Details of the CBT architecture and
   protocol can be found in [7] and [4], respectively.

2.  Overview of BCT Multicasting

   CBT is a new architecture for local and wide-area IP multicasting,
   being unique in its utilization of just one shared delivery tree per
   group, as opposed to the source-based delivery tree approach of
   existing IP multicast schemes, such as DVMRP and MOSPF.

   A shared multicast delivery tree is built around several so-called
   core routers. A group receiver's local multicast router is required
   to explicitly join the corresponding delivery tree after receiving an

Ballardie                     Experimental                      [Page 2]
RFC 1949          Scalable Multicast Key Distribution           May 1996
Show full document text