I am indeed the Responsible Area Director for the IPsec working group
(ipsecme).  I have removed the support email from the address line, and I'm
taking the liberty of cc'ing the working group to get you the best answer
to your question.

The mail archive for this list is here:
https://mailarchive.ietf.org/arch/browse/ipsec/
And you can subscribe if you like here:
https://www.ietf.org/mailman/listinfo/ipsec

Deb Cooley
Sec AD

On Wed, Jun 11, 2025 at 10:31 AM Cindy Morgan via RT <supp...@ietf.org>
wrote:

> Hi Russell,
>
> You have reached the IETF Secretariat, which handles administrative
> functions for the Internet Engineering Task Force. As such, we are not
> qualified to evaluate your technical proposal.
>
> I have copied Deb Cooley, the Area Director for the IP Security
> Maintenance and Extensions (ipsecme) Working Group, who may be better able
> to answer your questions.
>
> Best regards,
>
> Cindy Morgan
> IETF Secretariat
>
>
>
> On Wed Jun 11 05:12:35 2025, russell.aspinw...@bcs.org.uk wrote:
>
> Good Afternoon
>
> I am trying to determine if my idea is worth considering as an RFC.
>
> The objective is to automate the process of establishing IPSec Transport
> or Tunnel Mode.
>
> An IPv6 host would be configured via IPSec Flag, IPSec Mode Flag and IPSec
> Public Key.
>
> The IPSec Flag set to 0 indicates IPSec is enabled; a value of 1 indicates
> IPSec is disabled.
> The IPSec Mode Flag set to 0 indicates IPSec Transport Mode; set to 1, it
> indicates IPSec Tunnel Mode.
> The IPSec Public Key is the IPSec data in IPSECKEY format.
> The IPSec Domain is the host FQDN.
>
> The DNS IPSECTM record would include the IPSec Transport Flag and IPSec
> Public Key for the IPSec Domain entry.
>
>
>
> Stateful DHCPv6
>
> The IPv6 Host performs a DHCPv6 SOLICIT and includes the IPSECTM option,
> into which the IPSec Flag, IPSec Mode Flag, IPSec Public Key and IPSec Domain
> are encoded.
>
> The DHCPv6 service would take information in the IPSECTM option and
> respond to the IPv6 host in the DHCP Advertise by sending back the IPSECTM
> option with the IPSec Flag set to 1 indicating that IPSECTM records are not
> supported.
> The DHCPv6 service would take information in the IPSECTM option and
> respond to the IPv6 host in the DHCP Advertise by sending back the IPSECTM
> option with the IPSec Flag set to 0 with the IPSec Mode Flag unchanged if
> the selected Mode is supported or return the value that is supported, 0 for
> Transport or 1 for Tunnel mode.
>
> The DHCPv6 Service would send a DDNS update to the primary DNS server for
> the IPSec Domain, registering the IPSECTM DNS record which specifies IPSec
> Transport mode and Public Key of the IPSec Domain FQDN host.
>
>
> Stateless or SLAAC
>
> The IPv6 Host sends a DDNS update. The DNS Service would be configured to
> process the normal DNS update and either block all IPSECTM records, or allow
> IPSECTM records with Transport Mode or Tunnel Mode, or accept all IPSECTM
> records.
>
>
>
> Fixed Address
>
> The IPv6 Host IPSECTM record would be manually configured in DNS
>
>
>
> Going forward, applications (SSH, SMTP) can query for the IPSECTM record and
> can automatically use it to create an IPSec communication channel as a
> point-to-point communication.
>
>
>
> Kind Regards
>
> Russell Aspinwall
>
>
>
>
>
>
_______________________________________________
IPsec mailing list -- ipsec@ietf.org
To unsubscribe send an email to ipsec-le...@ietf.org
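
The stateful DHCPv6 and SLAAC flows from the quoted proposal, sketched as an added example that is not part of the thread or of any IETF specification. The `IpsecTm` class, the function and policy names, `host.example.com` and the key placeholder are assumptions made for illustration; the proposal defines no wire format, so none is modelled.

```python
from dataclasses import dataclass, replace

ENABLED, DISABLED = 0, 1     # IPSec Flag: 0 = enabled, 1 = disabled (as in the proposal)
TRANSPORT, TUNNEL = 0, 1     # IPSec Mode Flag: 0 = Transport, 1 = Tunnel

@dataclass(frozen=True)
class IpsecTm:               # hypothetical in-memory form of the IPSECTM option
    flag: int
    mode: int
    public_key: str          # IPSECKEY-format data (constructed placeholder below)
    domain: str              # host FQDN

def advertise(solicit, server_modes):
    """DHCPv6 server reply to a SOLICIT. server_modes is the ordered list of
    modes the server supports; an empty list means IPSECTM is unsupported."""
    if not server_modes:
        return replace(solicit, flag=DISABLED)
    # Keep the requested mode if supported, otherwise return the supported one.
    mode = solicit.mode if solicit.mode in server_modes else server_modes[0]
    return replace(solicit, flag=ENABLED, mode=mode)

def ddns_record(reply):
    """Record the DHCPv6 service would register, or None when the flag is 1."""
    if reply.flag != ENABLED:    # 0 means enabled, so 'if reply.flag:' reads inverted
        return None
    return (reply.domain, "IPSECTM", reply.mode, reply.public_key)

# SLAAC case: the DNS service filters host-sent IPSECTM updates by policy.
POLICIES = {"block_all": set(), "transport_only": {TRANSPORT},
            "tunnel_only": {TUNNEL}, "accept_all": {TRANSPORT, TUNNEL}}

def accept_update(policy, record):
    """True if the DNS service's policy admits this IPSECTM record's mode."""
    return record is not None and record[2] in POLICIES[policy]

def run_stateful(requested_mode, server_modes):
    """One host through SOLICIT -> ADVERTISE -> DDNS registration."""
    solicit = IpsecTm(ENABLED, requested_mode, "<constructed-key>", "host.example.com")
    reply = advertise(solicit, server_modes)
    return reply.flag, reply.mode, ddns_record(reply)

if __name__ == "__main__":
    for modes in ([TRANSPORT, TUNNEL], [TRANSPORT], []):
        print("host asks for Tunnel, server supports", modes, "->",
              run_stateful(TUNNEL, modes))
```

The second case shows the host asking for Tunnel Mode and receiving Transport Mode in the reply, so the mode a client ends up with is the server's answer, not its own request.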
