[people/ms/strongswan.git] / TODO

                 -------------------------
                  strongSwan - Roadmap
                 -------------------------

These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
migrate IKEv1 into charon. It's hard to say how much effort is needed to
do that, and how much code we can reuse from pluto. But a port IS necessary to
gain hassle-free confiugration, version negotiation and maintainability.

Roadmap for 2007
================

 Jan  ¦   - first stable release of the strongSwan 4.x branch, 4.1.0?
      ¦
 Feb  ¦   - refactoring of exchange handling for better code sharing,
      ¦     we need to separate specific tasks to reuse them in multiple
      ¦     exchanges
      ¦   - merge of EAP authentication code / plugin loader
      ¦   - merge of the virtual IP support currently in the pipeline
      ¦   - merge of the experimental "mediated double-NAT" support
      ¦   - write an IETF draft for this feature
      ¦
 Mar  ¦   - interface in charon for the new SMP management interface
      ¦   - full certificate support
      ¦   - Cookie support, other fixes to mature against DoS
      ¦
 Apr  ¦   - start porting efforts of IKEv1 into charon
      ¦   - support of IKEv1 messages and payloads in charon
      ¦
 May  ¦   - migration of plutos state machine into charon
      ¦
 Jun  ¦   - get a useable IKEv1 implementation for simple cases
      ¦
 Jul  ¦   - first release of charon supporting IKEv2 and IKEv1, 4.9.0?
      ¦   - holidays :-)
      ¦
 Aug  ¦   - get IKEv1 support to the level of pluto
      ¦
 Sep  ¦
      ¦
 Oct  ¦
      ¦
 Nov  ¦
      ¦
 Dec  ¦   - feature complete release, 5.0.0!
      ¦   - world domination


TODO-List
=========

A set of TODOs. This is only a list of things I write down to not forget them.
Watch out for TODOs in the code.
  
Build system
------------
- configure flag which allows to ommit vendor id in pluto
- reduce printf handlers count to 10, as uClibc does not support more

Denail of service
-----------------
- Cookie support
- thread exhaustion (multiple messages to a single IKE_SA)

Certificate support
-------------------
- New trustchain mechanism?
- proper CERTREQ support
- proper handling of multiple certificate payloads (import order)
- synchronized CRL fetcher
- OCSP support
- Smartcard interface
- Attribute certificates

Stroke interface
----------------
- add a Rekey-Counter for SAs in "statusall"
- ipsec statusall bytecount
- detach console after first keyingtry
- proper handling of CTRL+C console detach (SIG_PIPE)

Misc
----
- retry transaction on failure while keyingtries > 1
Commit	Line	Data
2b4405a3 MW	1	-------------------------
	2	strongSwan - Roadmap
	3	-------------------------
	4
	5	These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
	6	migrate IKEv1 into charon. It's hard to say how much effort is needed to
	7	do that, and how much code we can reuse from pluto. But a port IS necessary to
	8	gain hassle-free confiugration, version negotiation and maintainability.
	9
	10	Roadmap for 2007
	11	================
	12
	13	Jan ¦ - first stable release of the strongSwan 4.x branch, 4.1.0?
	14	¦
	15	Feb ¦ - refactoring of exchange handling for better code sharing,
	16	¦ we need to separate specific tasks to reuse them in multiple
	17	¦ exchanges
	18	¦ - merge of EAP authentication code / plugin loader
	19	¦ - merge of the virtual IP support currently in the pipeline
	20	¦ - merge of the experimental "mediated double-NAT" support
	21	¦ - write an IETF draft for this feature
	22	¦
	23	Mar ¦ - interface in charon for the new SMP management interface
	24	¦ - full certificate support
	25	¦ - Cookie support, other fixes to mature against DoS
	26	¦
	27	Apr ¦ - start porting efforts of IKEv1 into charon
	28	¦ - support of IKEv1 messages and payloads in charon
	29	¦
	30	May ¦ - migration of plutos state machine into charon
	31	¦
	32	Jun ¦ - get a useable IKEv1 implementation for simple cases
	33	¦
	34	Jul ¦ - first release of charon supporting IKEv2 and IKEv1, 4.9.0?
	35	¦ - holidays :-)
	36	¦
	37	Aug ¦ - get IKEv1 support to the level of pluto
	38	¦
	39	Sep ¦
	40	¦
	41	Oct ¦
	42	¦
	43	Nov ¦
	44	¦
	45	Dec ¦ - feature complete release, 5.0.0!
	46	¦ - world domination
	47
	48
	49	TODO-List
	50	=========
	51
	52	A set of TODOs. This is only a list of things I write down to not forget them.
	53	Watch out for TODOs in the code.
	54
	55	Build system
	56	------------
	57	- configure flag which allows to ommit vendor id in pluto
	58	- reduce printf handlers count to 10, as uClibc does not support more
	59
	60	Denail of service
	61	-----------------
	62	- Cookie support
	63	- thread exhaustion (multiple messages to a single IKE_SA)
	64
65	Certificate support
66	-------------------
67	- New trustchain mechanism?
68	- proper CERTREQ support
69	- proper handling of multiple certificate payloads (import order)
70	- synchronized CRL fetcher
71	- OCSP support
72	- Smartcard interface
73	- Attribute certificates
74
75	Stroke interface
76	----------------
77	- add a Rekey-Counter for SAs in "statusall"
78	- ipsec statusall bytecount
79	- detach console after first keyingtry
80	- proper handling of CTRL+C console detach (SIG_PIPE)
81
82	Misc
83	----
84	- retry transaction on failure while keyingtries > 1