Name: Opportunistic Encryption Using IPsec - Paul Wouters, Libreswan IPsec VPN Project
Start: 2016-08-26T14:00:00-0400
End: 2016-08-26T14:45:00-0400

Don’t miss the Linux Security Summit, be sure to register now!

Back To Schedule

Opportunistic Encryption Using IPsec - Paul Wouters, Libreswan IPsec VPN Project

Opportunistic IPsec (Paul Wouters, Red Hat) - Leveraging the XFRM code inside the kernel, the libreswan IKE daemon can create XFRM kernel so it will be notified of each new netflow. It uses this information to encrypt as much of the host's traffic as possible towards other hosts with the same IPsec capability. In addition to packet-triggered events, it can also hook itself into the system via DNS calls, attempting to setup IPsec encryption before the application has even been given the IP address to contact.

By supporting different authentication mechanisms, such as X.509 certificates, GSSAPI, or DNSSEC secured IPSECKEY records, this method can be deployed on any enterprise or cloud platform or even for internet hosts at large.

Wouters will show how to configure Opportunistic IPsec for an X.509 based cloud deployment and for internet-wide deployment using LetsEncrypt.

Speakers

Paul Wouters

Project lead VPN Technologies, Red Hat

Paul Wouters is one of the core developers for the Libreswan IPsec VPN project. He is an active IETF member in security and DNS related working groups and author of several RFC's related to IPsec and DNS. He was a member of the ICANN DNSSEC Root zone Key Signing Key Design Team. He... Read More →

Friday August 26, 2016 14:00 - 14:45 EDT
Harbour C

Conference Session, Beginner

Linux Security Summit

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Paul Wouters

Attendees (8)