Feature #2078

Support for RFC 4025 and RFC 4322 - using DNSSEC to hold IPsec config

Added by r a almost 8 years ago. Updated over 5 years ago.

Status: Closed
Priority: Low
Assignee: -
Category: kernel
Start date: 2012-02-04
Due date:
% Done: 0%
Estimated time:
Difficulty: Expert
Tags: needs-triage

Description

RFC 4025 and RFC 4322 describe how to use DNSSEC to hold information relating to the configuration of IPsec Phase 1 and Phase 2 respectively for establishing IPsec tunnels.

Can support for these RFCs be included in OpenIndiana?

Assuming that all the major Firewall vendors also support these RFCs, then establishing VPNs between OpenIndiana could be radically simplified.

History

#1

Updated by Bayard Bell almost 8 years ago

This is an issue for the illumos-gate upstream.

#2

Updated by Bayard Bell almost 8 years ago

  • Project changed from OpenIndiana Distribution to illumos gate

#3

Updated by r a over 7 years ago

Can this Feature request be updated to support RFC 6071 IP Security (IPSec) and Internet Key Exchange (IKE) using DNSSEC?

#4

Updated by Dan McDonald over 5 years ago

  • Category set to kernel
  • Status changed from New to Feedback
  • Priority changed from Normal to Low
  • Difficulty changed from Medium to Expert

The IPsec part of this bug (gathering SPD information via DNSSEC) might be possible, but the IKE part is not, due to IKEv1 (in.iked) being closed-source, and IKEv2 being a victim of Oracle.

#5

Updated by Dan McDonald over 5 years ago

  • Status changed from Feedback to Closed

Closing this, since 1/2 of it affects a closed-source program, and the other half should be called out separately IF that's the problem you really want solved (IPsec SPD/ipsecconf(1M) input in DNS).
