diff options
| author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
|---|---|---|
| committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-04-12 20:30:08 +0000 |
| commit | b0d8ed94fe9e74afb49fdf5f11e4add29879c65c (patch) | |
| tree | b20167235628771046e940a82a906a6d0991ee4a /TODO | |
| parent | ea939d07c84d2a8e51215458063fc05e9c399290 (diff) | |
| download | vyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.tar.gz vyos-strongswan-b0d8ed94fe9e74afb49fdf5f11e4add29879c65c.zip | |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.1)
Diffstat (limited to 'TODO')
| -rw-r--r-- | TODO | 69 |
1 files changed, 69 insertions, 0 deletions
@@ -0,0 +1,69 @@ + ------------------------- + strongSwan - Roadmap + ------------------------- + +These notes mostly belong to charon, the new IKEv2 daemon. The plan is to +migrate IKEv1 into charon. It's hard to say how much effort is needed to +do that, and how much code we can reuse from pluto. But a port IS necessary to +gain hassle-free confiugration, version negotiation and maintainability. + +Roadmap 2007 +============ + + Mar ! - Cookie support, IP filter, other fixes to mature against DoS + ! - release IKEv2 p2p NATT draft 00 + ! + Apr ! - PRF in CHILD_SA rekeying + ! - configuration managament refactoring + ! - credentials backend redesign + ! - interface in charon for the XML based SMP management interface + ! - reimplement IKEv2 p2p NATT support + ! + May ! - SMP configuration client + ! + Jun ! - start with IKEv1 migration strategy + ! + Jul ! + ! + Aug ! + ! + Sep ! + ! + Oct ! + ! + Nov ! + ! + Dec ! + ! + + +TODO-List +========= + +A set of TODOs. This is only a list of things I write down to not forget them. +Watch out for TODOs in the code. + +Build system +------------ +- configure flag which allows to ommit vendor id in pluto +- reduce printf handlers count to 10, as uClibc does not support more + +Certificate support +------------------- +- New trustchain mechanism? +- proper handling of multiple certificate payloads (import order) +- synchronized CRL fetcher +- Smartcard interface +- Attribute certificates + +Stroke interface +---------------- +- add a Rekey-Counter for SAs in "statusall" +- ipsec statusall bytecount +- proper handling of CTRL+C console detach (SIG_PIPE) + +Misc +---- +- PFS support for creating/rekeying CHILD_SAs +- Address pool/backend for virtual IP assignement +- fix iterator->insert_before/after |