Public keys for IPsec
draft-richardson-ipsec-rr-00.txt
Opportunistic Encryption (OE) for IPsec/IKE
- Can transparently encrypt IP traffic between hosts if a key for the host is found in the DNS
OE today uses TXT RR or KEY RR for publishing
- key information
- information about any security gateway used for the connection
- under {ip6,in-addr}.arpa zone
IKE needs the public key before connection, as the key itself is not transferred in-band
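The lookup described above, as an added example (not from the draft or these slides): it builds the reverse-zone owner name for an address and parses a TXT RR into gateway and key. The `X-IPsec-Server(precedence)=gateway key` layout and the lowest-precedence-wins rule are assumed from the FreeS/WAN OE convention (RFC 4322); the zone data and key bytes are constructed.

```python
import base64
import ipaddress
import re

# Assumed TXT layout (FreeS/WAN OE convention, RFC 4322), not given on the slide:
#   X-IPsec-Server(<precedence>)=<gateway> <base64 public key>
TXT_RE = re.compile(r"^X-IPsec-Server\((\d+)\)=(\S+)\s+(\S+)$")

# Constructed placeholder key bytes; not a usable RSA key.
_FAKE_KEY = base64.b64encode(bytes([1, 3]) + bytes(range(1, 33))).decode()

# Constructed sample zone: reverse name -> TXT strings published there.
SAMPLE_ZONE = {
    "7.2.0.192.in-addr.arpa.": [
        "unrelated text record",                         # not OE data, ignored
        f"X-IPsec-Server(20)=192.0.2.254 {_FAKE_KEY}",   # backup gateway
        f"X-IPsec-Server(10)=192.0.2.1 {_FAKE_KEY}",     # preferred gateway
    ],
}

def reverse_name(addr):
    """Owner name under in-addr.arpa / ip6.arpa where OE looks for the key."""
    return ipaddress.ip_address(addr).reverse_pointer + "."

def parse_oe_txt(txt):
    """Return precedence, gateway and key bytes, or None if not a valid OE record."""
    m = TXT_RE.match(txt.strip())
    if m is None:
        return None
    try:
        key = base64.b64decode(m.group(3), validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return None
    return {"precedence": int(m.group(1)), "gateway": m.group(2), "key": key}

def lookup_oe(addr, zone):
    """Pick the lowest-precedence OE record for addr; None means no key was found."""
    records = [r for r in map(parse_oe_txt, zone.get(reverse_name(addr), [])) if r]
    return min(records, key=lambda r: r["precedence"], default=None)

if __name__ == "__main__":
    print(reverse_name("192.0.2.7"), lookup_oe("192.0.2.7", SAMPLE_ZONE))
```

A `None` result corresponds to the case where no key for the host is found in the DNS, so IKE has no public key to start from.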