author Reto Buerki <reet@codelabs.ch> 2013-03-18 16:13:55 +0100
committer Tobias Brunner <tobias@strongswan.org> 2013-03-19 15:24:36 +0100
commit db50a35ad86c95e7b2aeb13e7dae50d3f7127336
tree 34244b017e60daa1a22ef27f65c75694205109af /NEWS
parent c57b7a66c30e7c9c5484818bb5b2c6a7779838e2
Add NEWS about TKM separation
Diffstat (limited to 'NEWS')
-rw-r--r-- NEWS 8
1 files changed, 8 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b4bc162d0..10c8353b8 100644
--- a/NEWS
+++ b/NEWS
@@ -43,6 +43,14 @@ strongswan-5.0.3
any authentication. Therefore, to use this backend it has to be selected
explicitly with rightauth2=xauth-noauth.
+- The new charon-tkm IKEv2 daemon delegates security critical operations to a
+ separate process. This has the benefit that the network facing daemon has no
+ knowledge of keying material used to protect child SAs. Thus subverting
+ charon-tkm does not result in the compromise of cryptographic keys.
+ The extracted functionality has been implemented from scratch in a minimal TCB
+ (trusted computing base) in the Ada programming language. Further information
+ can be found at http://www.codelabs.ch/tkm/.
+
strongswan-5.0.2
----------------