Re: ike and secure DNS

[Bill Manning <bmanning@ISI.EDU>]

 A couple academic projects, TBDS and FMESHD, are either dependent on
 working DNSSEC or leverage DNSSEC for key exchange, while the upcoming
 DNSSEC workshop on the 25th in WDC will be evaluating DNSSEC viability
 in the ip6.int tree. If that can be shown to be stable, it can act as
 a precursor to a signed in-addr.arpa. and other address-name trees.
 I think this is what is needed to exploit any IKE/ipsec & DNS interactions
 since that will give us a "chain-of-custody" up the delegation heirarchy.
 Does Free/SWAN have this as a shared goal?

	
% 
% 
% I'd like to gather information on existing projects (commerical or
% academic) working towards the integration of DNSSEC infrastructure and
% IKE/ipsec. I know FreeSWAN has such integration plans? Any progress in
% that front? Other experiences?
% 
% Thanks,
% 
% Hugo
% 
% On Mon, 9 Oct 2000, Henry Spencer wrote:
% > 
% > > Then you could provision every peer with a central gateway's public key at
% > > installation time, and use one-time passwords for authentication...
% > 
% > Actually you don't even need to provision the peers with the gateway's
% > public key, if you trust DNS lookups -- you can get it from DNS.  
% 
% > 
% > 
% 
% 
% 


-- 
--bill

---

Follow-Ups:

• Re: ike and secure DNS
• From: Henry Spencer <henry@spsystems.net>

References:

• ike and secure DNS
• From: Hugo Krawczyk <hugo@ee.technion.ac.il>

---

• Prev by Date: Re: Reliable delete notifies
• Next by Date: Simplifying IKE (was RE: Reliable delete notifies)
• Prev by thread: ike and secure DNS
• Next by thread: Re: ike and secure DNS
• Index(es):
  • Main
  • Thread