A method and apparatus for providing routing protocol support for
distributing encryption information is presented. Subnet prefixes
reachable on a first customer site in an encrypted manner are identified,
as are security groups the subnet prefixes belong to. An advertisement is
received at a first Customer Edge (CE) device in the first customer site,
the advertisement originating from a Customer (C) device in the first
customer site. The advertisement indicates links, subnets to be
encrypted, and security group identifiers. The prefixes and the security
group identifiers are then propagated across a service provider network
to a second CE device located in a second customer site. In this
manner, encryption and authentication are extended further into a customer
site, as customer devices are able to indicate to a service provider
network infrastructure and to customer devices in other customer sites
which local destinations require encryption/authentication.
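
The flow described above, modelled as an added example that is not taken from the patent: a C device tells its CE which prefixes need encryption and under which security group, the CE passes them to a remote CE, and the remote CE looks up a destination by longest-prefix match. The class names, the numeric group identifiers, the addresses and the `propagate_to` call (a stand-in for whatever routing protocol carries the data across the provider network) are all assumptions; link information is left out.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class EncryptedPrefix:
    prefix: ipaddress.IPv4Network
    security_group: int  # hypothetical numeric security group identifier

@dataclass
class CEDevice:
    site: str
    local: list = field(default_factory=list)   # learned from C devices in this site
    remote: dict = field(default_factory=dict)  # origin site -> prefixes learned from other CEs

    def receive_from_c_device(self, adverts):
        """Record prefixes a local C device marked as requiring encryption."""
        for prefix, group in adverts:
            self.local.append(EncryptedPrefix(ipaddress.ip_network(prefix), group))

    def propagate_to(self, peer):
        """Stand-in for propagation across the service provider network."""
        peer.remote[self.site] = list(self.local)

    def policy_for(self, dst):
        """Return (origin site, security group) for dst, or None if no encryption is required."""
        addr = ipaddress.ip_address(dst)
        best = None
        for site, entries in self.remote.items():
            for entry in entries:
                longer = best is None or entry.prefix.prefixlen > best[1].prefix.prefixlen
                if addr in entry.prefix and longer:
                    best = (site, entry)  # the most specific prefix decides the group
        return (best[0], best[1].security_group) if best else None

def demo():
    """Constructed two-site scenario with overlapping prefixes in different groups."""
    ce1, ce2 = CEDevice("site-1"), CEDevice("site-2")
    ce1.receive_from_c_device([("10.1.0.0/16", 100), ("10.1.20.0/24", 200)])
    ce1.propagate_to(ce2)
    return ce2

if __name__ == "__main__":
    ce2 = demo()
    for dst in ("10.1.20.5", "10.1.9.9", "192.0.2.1"):
        print(dst, ce2.policy_for(dst))
```

The overlapping /16 and /24 show why the receiving side has to pick the most specific match: a host in 10.1.20.0/24 belongs to group 200 even though the covering /16 is in group 100.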