- -------------------------
- strongSwan - Roadmap
- -------------------------
+ ----------------------
+ strongSwan - TODO
+ ----------------------
-These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
-migrate IKEv1 into charon. It's hard to say how much effort is needed to
-do that, and how much code we can reuse from pluto. But a port IS necessary to
-gain hassle-free confiugration, version negotiation and maintainability.
+A roadmap of the strongSwan project is available online at:
-Roadmap 2007
-============
+ http://wiki.strongswan.org/projects/strongswan/roadmap
- Mar ! - Cookie support, IP filter, other fixes to mature against DoS
- ! - release IKEv2 p2p NATT draft 00
- !
- Apr ! - PRF in CHILD_SA rekeying
- ! - configuration managament refactoring
- ! - interface in charon for the new SMP management interface
- ! - reimplement IKEv2 p2p NATT support
- !
- May ! - XML configuration interface
- !
- Jun ! - start with IKEv1 migration strategy
- !
- Jul !
- !
- Aug !
- !
- Sep !
- !
- Oct !
- !
- Nov !
- !
- Dec !
- !
-
-
-TODO-List
-=========
-
-A set of TODOs. This is only a list of things I write down to not forget them.
-Watch out for TODOs in the code.
-
-Build system
-------------
-- configure flag which allows to ommit vendor id in pluto
-- reduce printf handlers count to 10, as uClibc does not support more
-
-Denail of service
------------------
-- Cookie support on server
-- thread exhaustion (multiple messages to a single IKE_SA)
-
-Certificate support
--------------------
-- New trustchain mechanism?
-- proper handling of multiple certificate payloads (import order)
-- synchronized CRL fetcher
-- Smartcard interface
-- Attribute certificates
-
-Stroke interface
-----------------
-- add a Rekey-Counter for SAs in "statusall"
-- ipsec statusall bytecount
-- proper handling of CTRL+C console detach (SIG_PIPE)
-
-Misc
-----
-- PFS support for creating/rekeying CHILD_SAs
-- Address pool/backend for virtual IP assignement