summaryrefslogtreecommitdiff
path: root/TODO
blob: 91363e38b0f2e2972078c737c2529eb50f841c8b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
                 -------------------------
                  strongSwan - Roadmap
                 -------------------------

These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
migrate IKEv1 into charon. It's hard to say how much effort is needed to
do that, and how much code we can reuse from pluto. But a port IS necessary to
gain hassle-free confiugration, version negotiation and maintainability.

Roadmap 2007
============

 Mar  !   - Cookie support, IP filter, other fixes to mature against DoS
      !   - release IKEv2 p2p NATT draft 00
      !
 Apr  !   - PRF in CHILD_SA rekeying
      !   - configuration managament refactoring
      !   - credentials backend redesign
      !   - interface in charon for the XML based SMP management interface
      !   - reimplement IKEv2 p2p NATT support
      !
 May  !   - SMP configuration client
      !
 Jun  !   - start with IKEv1 migration strategy
      !
 Jul  !
      !
 Aug  !
      !
 Sep  !
      !
 Oct  !
      !
 Nov  !
      !
 Dec  !
      !


TODO-List
=========

A set of TODOs. This is only a list of things I write down to not forget them.
Watch out for TODOs in the code.
  
Build system
------------
- configure flag which allows to ommit vendor id in pluto
- reduce printf handlers count to 10, as uClibc does not support more

Certificate support
-------------------
- New trustchain mechanism?
- proper handling of multiple certificate payloads (import order)
- synchronized CRL fetcher
- Smartcard interface
- Attribute certificates

Stroke interface
----------------
- add a Rekey-Counter for SAs in "statusall"
- ipsec statusall bytecount
- proper handling of CTRL+C console detach (SIG_PIPE)

Misc
----
- PFS support for creating/rekeying CHILD_SAs
- Address pool/backend for virtual IP assignement
- fix iterator->insert_before/after