diff options
author | Martin Willi <martin@strongswan.org> | 2006-12-19 10:46:58 +0000 |
---|---|---|
committer | Martin Willi <martin@strongswan.org> | 2006-12-19 10:46:58 +0000 |
commit | 2b4405a3e7a3e747ef39016365bbbcea24d442cc (patch) | |
tree | d410c4bcb6d9c7338aa0dccf5ef5809855554cce /TODO | |
parent | 532f2347dcad6d1dd553886fe4665ada99f30438 (diff) | |
download | strongswan-2b4405a3e7a3e747ef39016365bbbcea24d442cc.tar.bz2 strongswan-2b4405a3e7a3e747ef39016365bbbcea24d442cc.tar.xz |
added a roadmap of the strongSwan project (TODO)
added some NEWS
Diffstat (limited to 'TODO')
-rw-r--r-- | TODO | 84 |
1 files changed, 84 insertions, 0 deletions
@@ -0,0 +1,84 @@ + ------------------------- + strongSwan - Roadmap + ------------------------- + +These notes mostly belong to charon, the new IKEv2 daemon. The plan is to +migrate IKEv1 into charon. It's hard to say how much effort is needed to +do that, and how much code we can reuse from pluto. But a port IS necessary to +gain hassle-free confiugration, version negotiation and maintainability. + +Roadmap for 2007 +================ + + Jan ¦ - first stable release of the strongSwan 4.x branch, 4.1.0? + ¦ + Feb ¦ - refactoring of exchange handling for better code sharing, + ¦ we need to separate specific tasks to reuse them in multiple + ¦ exchanges + ¦ - merge of EAP authentication code / plugin loader + ¦ - merge of the virtual IP support currently in the pipeline + ¦ - merge of the experimental "mediated double-NAT" support + ¦ - write an IETF draft for this feature + ¦ + Mar ¦ - interface in charon for the new SMP management interface + ¦ - full certificate support + ¦ - Cookie support, other fixes to mature against DoS + ¦ + Apr ¦ - start porting efforts of IKEv1 into charon + ¦ - support of IKEv1 messages and payloads in charon + ¦ + May ¦ - migration of plutos state machine into charon + ¦ + Jun ¦ - get a useable IKEv1 implementation for simple cases + ¦ + Jul ¦ - first release of charon supporting IKEv2 and IKEv1, 4.9.0? + ¦ - holidays :-) + ¦ + Aug ¦ - get IKEv1 support to the level of pluto + ¦ + Sep ¦ + ¦ + Oct ¦ + ¦ + Nov ¦ + ¦ + Dec ¦ - feature complete release, 5.0.0! + ¦ - world domination + + +TODO-List +========= + +A set of TODOs. This is only a list of things I write down to not forget them. +Watch out for TODOs in the code. + +Build system +------------ +- configure flag which allows to ommit vendor id in pluto +- reduce printf handlers count to 10, as uClibc does not support more + +Denail of service +----------------- +- Cookie support +- thread exhaustion (multiple messages to a single IKE_SA) + +Certificate support +------------------- +- New trustchain mechanism? +- proper CERTREQ support +- proper handling of multiple certificate payloads (import order) +- synchronized CRL fetcher +- OCSP support +- Smartcard interface +- Attribute certificates + +Stroke interface +---------------- +- add a Rekey-Counter for SAs in "statusall" +- ipsec statusall bytecount +- detach console after first keyingtry +- proper handling of CTRL+C console detach (SIG_PIPE) + +Misc +---- +- retry transaction on failure while keyingtries > 1 |