A method of key exchange for IPsec which allows two parties to communicate securely without having any prearranged or preshared secrets.
There are two types of OE, the first being initiator-only. Initiator-only OE is the configuration you would use if you do not have control over the reverse DNS of your IP address. Therefore, only you can start the IPsec negotiation; other machines would be unable to get your key from your reverse DNS. You must, however, have a domain where you have control of DNS, where you can publish the forward key (IN KEY) record.
The second type of OE is Full Opportunism. This allows you to either start the exchange or receive the connection from someone else. To use Full OE you must be able to publish IN KEY records for both forward and reverse DNS and insert an IN TXT record that specifies that your IP can receive OE connections.
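As an added illustration of the two modes described above (not code from the original entry or from FreeS/WAN), the following checks which OE mode a host's published DNS records would support. The zone data, hostname, IP address and key payloads are constructed placeholders, and the TXT record layout `X-IPsec-Server(precedence)=gateway key` is assumed to follow the format FreeS/WAN documented.

```python
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample zone data: owner name -> list of (rtype, rdata).
# The key payloads are placeholders, not real RSA public keys.
FORWARD_ZONE: Dict[str, List[Tuple[str, str]]] = {
    "gw.example.com.": [("KEY", "0x4200 4 1 AQ...placeholder-key...")],
}
REVERSE_ZONE: Dict[str, List[Tuple[str, str]]] = {
    "1.2.0.192.in-addr.arpa.": [
        ("KEY", "0x4200 4 1 AQ...placeholder-key..."),
        # Assumed FreeS/WAN layout: X-IPsec-Server(<precedence>)=<gateway> <key>
        ("TXT", "X-IPsec-Server(10)=192.0.2.1 AQ...placeholder-key..."),
    ],
}

TXT_RE = re.compile(r"^X-IPsec-Server\((\d+)\)=(\S+)\s+(\S+)$")


def reverse_name(ip: str) -> str:
    """Owner name of the reverse-DNS entry for an IP, e.g. 1.2.0.192.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def parse_oe_txt(rdata: str) -> Optional[Tuple[int, str, str]]:
    """Return (precedence, gateway, key) from an OE TXT record, or None if malformed."""
    m = TXT_RE.match(rdata)
    if not m:
        return None
    return int(m.group(1)), m.group(2), m.group(3)


def oe_mode(hostname: str, ip: str, forward: Dict[str, List[Tuple[str, str]]],
            reverse: Dict[str, List[Tuple[str, str]]]) -> str:
    """Classify the records as 'full', 'initiator-only' or 'none'.

    Initiator-only needs a KEY record under the forward name; full OE also
    needs a KEY record and a well-formed TXT record under the reverse name.
    """
    fwd_key = any(t == "KEY" for t, _ in forward.get(hostname, []))
    rev = reverse.get(reverse_name(ip), [])
    rev_key = any(t == "KEY" for t, _ in rev)
    txts = [parse_oe_txt(d) for t, d in rev if t == "TXT"]
    if fwd_key and rev_key and any(txts):
        return "full"
    if fwd_key:
        return "initiator-only"
    return "none"
```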
Opportunistic Encryption is secure against passive attacks (an eavesdropper), and with the addition of DNSSEC (signing of KEY records by each level of domain up to the TLD) is secure against an active attack (Man in the Middle).
Currently only FreeS/WAN supports OE, but hopefully more implementations will pick it up as it is currently an IETF draft standard.