Support for RFC 4025 and RFC 4322 - using DNSSEC to hold IPsec config
RFC 4025 and RFC 4322 describe how to use DNSSEC to hold information to relating to the configuration of IPsec Phase 1 and Phase 2 respectively for establishing IPsec tunnels.
Can support for these RFCs be included in OpenIndiana?
Assuming that all the major Firewall vendors also support these RFCs, then establishing VPNs between OpenIndiana could be radically simplified.
Updated by Dan McDonald over 5 years ago
- Category set to kernel
- Status changed from New to Feedback
- Priority changed from Normal to Low
- Difficulty changed from Medium to Expert
The IPsec part of this bug (gathering SPD information via DNSSEC) might be possible, but the IKE part is not, due to IKEv1 (in.iked) being closed-source, and IKEv2 being a victim of Oracle.