How do you put a TV station on the Mbone?

Jeff Wheeler jsw at
Thu May 5 06:42:45 UTC 2011

On Thu, May 5, 2011 at 1:55 AM, George Bonser <gbonser at> wrote:
> multicast. How do I encrypt something in a way that anyone can decrypt
> but nobody can duplicate?  If I have a separate stream per user, that is

Have you ever seen a CableCARD?  That's pretty much what it does,
except not "anyone" can decrypt it -- you need to subscribe to some TV
channels.  There has been quite a bit of work in "black-boxing" the
decryption of broadcast/multicast streams to make it difficult for
end-users to pirate the content.  That's why you see HDCP logos in the
marketing fluff for displays and graphics cards, etc.

> Encryption is probably overkill anyway.  What is needed is a mechanism
> simply to say that the content is certified to have come from the source
> it claims to come from.  So ... basically ... better not to use
> multicast for anything you really might have any security issues with.
> Fine for broadcasting a video, not so fine for a kernel update.

This is a solved problem.  Not only are you able to verify the
computed checksum of a downloaded file against the distributor's
published checksum, there are plenty of applications that do this for
you -- torrent programs check each chunk and throw away
malicious/erroneous ones.

There are certainly things that need work before I can start up Jeff's
Internet Movie Channel and go into competition with HBO, but for the
most part, these are solvable if networks decided to do it.  The big
limitation is there can't be infinite groups -- FIB is only so big and
there is no agreeable mechanism for sharing the number that can be
made to exist, given current (and foreseeable) routers.  Since so many
"eyeballs" are sitting on ISPs that also own television networks and
other media properties, though, I don't think we will get multicast
anytime soon.

Jeff S Wheeler <jsw at>
Sr Network Operator  /  Innovative Network Concepts

More information about the NANOG mailing list