Agenda for IETF 55 - IPSECKEY (BOF) IPSEC KEYing information - - PowerPoint PPT Presentation

agenda for ietf 55 ipseckey bof ipsec keying information
SMART_READER_LITE
LIVE PREVIEW

Agenda for IETF 55 - IPSECKEY (BOF) IPSEC KEYing information - - PowerPoint PPT Presentation

May 14, 2023 157 likes •310 views

Agenda for IETF 55 - IPSECKEY (BOF) IPSEC KEYing information resource record BOF AGENDA: 1. Open meeting and welcome 2. Scribe and blue sheetOlafur Gudmundsson 3. IntroductionMichael Richardson 4. Documents 4.1 Why the KEY

slide-1
SLIDE 1

Agenda for IETF 55 - IPSECKEY (BOF) IPSEC KEYing information resource record BOF

slide-2
SLIDE 2

AGENDA:

  • 1. Open meeting and welcome
  • 2. Scribe and blue sheetOlafur Gudmundsson
  • 3. IntroductionMichael Richardson
  • 4. Documents

4.1 Why the KEY record was restricted to only DNSSEC keys. Scott Rose see draft-ietf-dnsext-restrict-key-for-dnssec-04.txt 4.2 A method for storing IPsec keying material in DNS. draft-richardson-ipsec-rr-00.txt Michael Richardson

  • 5. open mike
  • 6. Next step.Olafur Gudmundsson
  • 7. Charter discussionOlafur Gudmundsson
  • 8. schedule discussion
slide-3
SLIDE 3

Mailing list info

LIST: ipseckey@sandelman.ottawa.on.ca Archive: http://www.sandelman.ca/lists/html/ipseckey/threads.html email to: majordomo@sandelman.ottawa.on.ca body "subscribe ipseckey"

slide-4
SLIDE 4
  • 2. Blue Sheet
slide-5
SLIDE 5
  • 3. Introduction

What we need for Opportunistic Encryption: see draft-richardson-ipsec-opportunistic-10.txt the public key (RSA) of the remote system the IP address (v4 or v6) of the gateway

self if in host mode

we need this data indexed by IP address, i.e. we need it in in-addr.arpa.

slide-6
SLIDE 6
  • 4. Documents

4.1 Why the KEY record was restricted to only DNSSEC keys.

Scott Rose see draft-ietf-dnsext-restrict-key-for-dnssec-04.txt

4.2 A method for storing IPsec keying material in DNS.

draft-richardson-ipsec-rr-00.txt Michael Richardson

slide-7
SLIDE 7

Scott Rose

Why the KEY record was restricted to only DNSSEC keys. draft-ietf-dnsext-restrict-key-for-dnssec-04.txt

slide-8
SLIDE 8

initial proposal

new resource record type a series of type-length-value pairs currently is extensible (too flexible?)

slide-9
SLIDE 9

RR contents

A method for storing IPsec keying material in DNS.

slide-10
SLIDE 10

Definitions for field types:

0no more fields 1priority of this entry 2IPv4 address of the gateway for this host 3IPv6 address of the gateway for this host 4FQDN of the gateway for this host 5RSA public key for the gateway

slide-11
SLIDE 11
  • 5. open mike
slide-12
SLIDE 12
  • 6. Next steps

Olafur Gudmundsson

slide-13
SLIDE 13
  • 7. Charter discussion

Olafur Gudmundsson

slide-14
SLIDE 14
  • 8. schedule discussion
slide-15
SLIDE 15

IPSEC KEYing information resource record

Working group info ipseckey@sandelman.ottawa.on.ca email to: majordomo@sandelman.ottawa.on.ca body "subscribe ipseckey" Drafts: draft-ietf-dnsext-restrict-key-for-dnssec-04.txt draft-richardson-ipsec-rr-00.txt