{"draft":"draft-richardson-ipsec-opportunistic-17","doc_id":"RFC4322","title":"Opportunistic Encryption using the Internet Key Exchange (IKE)","authors":["M. Richardson","D.H. Redelmeier"],"format":["ASCII","HTML"],"page_count":"44","pub_status":"INFORMATIONAL","status":"INFORMATIONAL","source":"IETF - NON WORKING GROUP","abstract":"This document describes opportunistic encryption (OE) as designed and\r\nimplemented by the Linux FreeS\/WAN project.  OE uses the Internet Key\r\nExchange (IKE) and IPsec protocols.  The objective is to allow\r\nencryption for secure communication without any pre-arrangement\r\nspecific to the pair of systems involved.  DNS is used to distribute\r\nthe public keys of each system involved.  This is resistant to\r\npassive attacks.  The use of DNS Security (DNSSEC) secures this\r\nsystem against active attackers as well.\r\n\r\nAs a result, the administrative overhead is reduced from the square\r\nof the number of systems to a linear dependence, and it becomes\r\npossible to make secure communication the default even when the\r\npartner is not known in advance.  This memo provides information for the Internet community.","pub_date":"November 2005","keywords":["oe","linux frees\/wan","ipsec","dns","domain name space","dns security"],"obsoletes":[],"obsoleted_by":[],"updates":[],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC4322","errata_url":"https:\/\/www.rfc-editor.org\/errata\/rfc4322"}