Support for RFC 4025 and RFC 4322 - using DNSSEC to hold IPsec config
RFC 4025 and RFC 4322 describe how to use DNSSEC to hold information relating to the configuration of IPsec Phase 1 and Phase 2 respectively for establishing IPsec tunnels.
Can support for these RFCs be included in OpenIndiana?
Assuming that all the major Firewall vendors also support these RFCs, then establishing VPNs between OpenIndiana could be radically simplified.
Updated by Dan McDonald about 7 years ago
- Category set to kernel
- Status changed from New to Feedback
- Priority changed from Normal to Low
- Difficulty changed from Medium to Expert
The IPsec part of this bug (gathering SPD information via DNSSEC) might be possible, but the IKE part is not, due to IKEv1 (in.iked) being closed-source, and IKEv2 being a victim of Oracle.
Updated by Dan McDonald almost 7 years ago
- Status changed from Feedback to Closed
Closing this, since 1/2 of it affects a closed-source program, and the other half should be called out separately IF that's the problem you really want solved (IPsec SPD/ipsecconf(1M) input in DNS).