Added NEWS about mutual EAP-only authentication

author: Martin Willi <martin@strongswan.org> 2010-01-07 16:16:22 +0100
committer: Martin Willi <martin@strongswan.org> 2010-01-07 16:16:22 +0100
commit: aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62 (patch)
tree: 6f1ae3c3a981db510ccdf9f6cdb6776ecab5d9f7 /NEWS
parent: 34948b99710af7a011794ac2a7e99185fc332168 (diff)
download: strongswan-aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62.tar.bz2
strongswan-aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62.tar.xz
1 files changed, 6 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 64801421f..3fcb49c2a 100644
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,12 @@ strongswan-4.3.6
   "charon.send_vendor_id" option in strongswan.conf to let the remote peer know
   this is the case.
 
+- Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the
+  responder omits public key authentication in favor of a mutual authentication
+  method. To enable EAP-only authentication, set rightauth=eap on the responder
+  to rely only on the MSK constructed AUTH payload. This not-yet standardized
+  extension requires the strongSwan vendor ID introduced above.
+
 - The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
   allowing interoperability.
author	Martin Willi <martin@strongswan.org>	2010-01-07 16:16:22 +0100
committer	Martin Willi <martin@strongswan.org>	2010-01-07 16:16:22 +0100
commit	aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62 (patch)
tree	6f1ae3c3a981db510ccdf9f6cdb6776ecab5d9f7 /NEWS
parent	34948b99710af7a011794ac2a7e99185fc332168 (diff)
download	strongswan-aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62.tar.bz2 strongswan-aca9f9ab5a8790f2b0656c78b08bec6c7d9abd62.tar.xz