added a roadmap of the strongSwan project (TODO)

added some NEWS
2006-12-19 10:46:58 +00:00 · 2006-12-19 10:46:58 +00:00 · 2b4405a3e7
parent 532f2347dc
commit 2b4405a3e7
3 changed files with 94 additions and 84 deletions
--- a/10
+++ b/10
@ -1,3 +1,13 @@
+strongswan-4.0.6
+----------------
+
+- IKEv2: Support for reauthentication when rekeying
+
+- fixed most (all?) bugs related to byte order
+
+- a lot of bugfixes
+
+
 strongswan-4.0.5
 ----------------

--- a/84
+++ b/84
@ -0,0 +1,84 @@
+                 -------------------------
+                  strongSwan - Roadmap
+                 -------------------------
+
+These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
+migrate IKEv1 into charon. It's hard to say how much effort is needed to
+do that, and how much code we can reuse from pluto. But a port IS necessary to
+gain hassle-free confiugration, version negotiation and maintainability.
+
+Roadmap for 2007
+================
+
+ Jan  ¦   - first stable release of the strongSwan 4.x branch, 4.1.0?
+      ¦
+ Feb  ¦   - refactoring of exchange handling for better code sharing,
+      ¦     we need to separate specific tasks to reuse them in multiple
+      ¦     exchanges
+      ¦   - merge of EAP authentication code / plugin loader
+      ¦   - merge of the virtual IP support currently in the pipeline
+      ¦   - merge of the experimental "mediated double-NAT" support
+      ¦   - write an IETF draft for this feature
+      ¦
+ Mar  ¦   - interface in charon for the new SMP management interface
+      ¦   - full certificate support
+      ¦   - Cookie support, other fixes to mature against DoS
+      ¦
+ Apr  ¦   - start porting efforts of IKEv1 into charon
+      ¦   - support of IKEv1 messages and payloads in charon
+      ¦
+ May  ¦   - migration of plutos state machine into charon
+      ¦
+ Jun  ¦   - get a useable IKEv1 implementation for simple cases
+      ¦
+ Jul  ¦   - first release of charon supporting IKEv2 and IKEv1, 4.9.0?
+      ¦   - holidays :-)
+      ¦
+ Aug  ¦   - get IKEv1 support to the level of pluto
+      ¦
+ Sep  ¦
+      ¦
+ Oct  ¦
+      ¦
+ Nov  ¦
+      ¦
+ Dec  ¦   - feature complete release, 5.0.0!
+      ¦   - world domination
+
+
+TODO-List
+=========
+
+A set of TODOs. This is only a list of things I write down to not forget them.
+Watch out for TODOs in the code.
+  
+Build system
+------------
+- configure flag which allows to ommit vendor id in pluto
+- reduce printf handlers count to 10, as uClibc does not support more
+
+Denail of service
+-----------------
+- Cookie support
+- thread exhaustion (multiple messages to a single IKE_SA)
+
+Certificate support
+-------------------
+- New trustchain mechanism?
+- proper CERTREQ support
+- proper handling of multiple certificate payloads (import order)
+- synchronized CRL fetcher
+- OCSP support
+- Smartcard interface
+- Attribute certificates
+
+Stroke interface
+----------------
+- add a Rekey-Counter for SAs in "statusall"
+- ipsec statusall bytecount
+- detach console after first keyingtry
+- proper handling of CTRL+C console detach (SIG_PIPE)
+
+Misc
+----
+- retry transaction on failure while keyingtries > 1
--- a/src/charon/doc/Todo-list.txt
+++ b/src/charon/doc/Todo-list.txt
@ -1,84 +0,0 @@
-Todo-List for charon
--------------------
-
-+ = done, / = partial, - = todo, ordered by priority
-
-
-+ private key loading: der, without passphrase
-+ load all private keys from ipsec.d/private/ in stroke.c
-+ handle leftcert and rightcert in starterstroke.c/stroke.c
-+ load specified certs in stroke.c
-+ extract public keys from certs
-+ public key authentication
-+ release for Andreas
-
-+ stroke loglevels
-+ stroke up
-+ ike_sa_manager checkout_by_hosts
-+ stroke down
-+ stroke output redirection
-+ stroke status
-
-+ libx509
-  + new charon build - libstrong?
-    + transforms
-    + utils (plus host)
-    + logger_manager instance in lib
-    + leak detective usable for charon and pluto and anything else
-  + integrate asn1 parser/oid (asn1/oid)
-  + integrate basic PEM loading
-  + port x509 stuff
-
-+ doxygen cleanup (charon/lib)
-+ new build environment (autotools?)
-
-+ useable certificate support
-  + more id types (use atodn from pluto)
-  + rewrite certificate storage the clean way
-  + further subjectAltName support
-  + certificate validation/chaining
-  + certificate exchange
-
-+ Apply -W's from Makefile.program to charon
-+ do ipsec status via starter
-
-+ stroke status should show configured connections
-+ stroke loglevel update
-+ stroke argument parsing via getopts/gperf?
-
-+ ipsec.secrets parsing
-
-+ trapping
-+ proper delete messages
-+ notifys on connection setup failure
-+ create child sa message/rekeying
-+ IKE_SA rekeying
-  + handle all simultaneous rekeying/delete/create cases
-
-+ replace state machine with something more transaction oriented
-+ find existing IKE_SA on CHILD_SA initiation
-
-+ use dpdaction/dpddelay parameters from ipsec.conf
-+ add firewall script support
-+ do not link unneeded libraries in bins
-+ include only a minimum of NATD payloads
-+ implement 3DES to load encrypted pem files
-+ implement a "event bus" mechanism
-  + add more output to to up/down, somehow...
-  - detach console after first keyingtry
-  - proper handling of CTRL+C console detach (SIG_PIPE)
- configure flag which allows to ommit vendor id in pluto
- ikelifetime should optionally enforce reauthentication
- cookies/DDoS prevention
- implement a mechanism against thread exhaustion
-  when a blocked IKE_SA receives a lot of messages
- add a crl fetch mechanism which synchronizes equal fetches
- add support for CERTREQs
- proper handling of multiple certificate payloads (import order)
- add a Rekey-Counter for SAs in "statusall"
- ipsec status:
-  + on one line: ip, id, spi
-  + no key age, rekey for IKE
-  - byte count
- retry transaction on failure while keyingtries > 1
- reduce printf handlers count to 10, as uClibc does not support more