This document describes how the Linux FreeS/WAN project used DNS TXT and KEY
records to perform opportunistic IPsec encryption. "Opportunistic encryption"
permits secrecy without prearrangement between the parties concerned.

Working Group Summary
Future opportunistic encryption systems will use the IPSECKEY DNS record
instead, in compliance with RFC 3445. This document describes the historic

RFC Editor Note:

Section 1, second paragraph:
OLD:
Note that 2.01 and beyond implements RFC3445
[RFC3445], in a backward compatible way. A future document will
detail compliance to RFC3445. For project information, see http://

NEW:
Note that 2.01 and beyond implements [RFC3445] in a
backward compatible way. A future document [IPSECKEY] will describe a
variation that complies with RFC3445. For project information, see

OLD:
are necessary to adequately explain examples.

NEW:
networks are necessary to adequately explain the examples, [RFC3330]
addresses are not used.

Add the following non-normative references:
Richardson, M., "A Method for Storing IPsec Keying
Material in DNS", July 2004.
[RFC3330] IANA, "Special-Use IPv4 Addresses", RFC 3330, September

Steve Bellovin has reviewed this document for the IESG.