[people/ms/strongswan.git] / TODO

                 -------------------------
                  strongSwan - Roadmap
                 -------------------------

These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
migrate IKEv1 into charon. It's hard to say how much effort is needed to
do that, and how much code we can reuse from pluto. But a port IS necessary to
gain hassle-free confiugration, version negotiation and maintainability.

Roadmap 2007
============

 Mar  !   - Cookie support, IP filter, other fixes to mature against DoS
      !   - release IKEv2 p2p NATT draft 00
      !
 Apr  !   - PRF in CHILD_SA rekeying
      !   - configuration managament refactoring
      !   - credentials backend redesign
      !   - interface in charon for the XML based SMP management interface
      !   - reimplement IKEv2 p2p NATT support
      !
 May  !   - SMP configuration client
      !
 Jun  !   - start with IKEv1 migration strategy
      !
 Jul  !
      !
 Aug  !
      !
 Sep  !
      !
 Oct  !
      !
 Nov  !
      !
 Dec  !
      !


TODO-List
=========

A set of TODOs. This is only a list of things I write down to not forget them.
Watch out for TODOs in the code.
  
Build system
------------
- configure flag which allows to ommit vendor id in pluto
- reduce printf handlers count to 10, as uClibc does not support more
- remove %m printf handlers, as error may have changed until it reaches fprintf()

Certificate support
-------------------
- New trustchain mechanism?
- proper handling of multiple certificate payloads (import order)
- synchronized CRL fetcher
- Smartcard interface
- Attribute certificates

Stroke interface
----------------
- add a Rekey-Counter for SAs in "statusall"
- ipsec statusall bytecount
- proper handling of CTRL+C console detach (SIG_PIPE)

Misc
----
- PFS support for creating/rekeying CHILD_SAs
- Address pool/backend for virtual IP assignement
- fix iterator->insert_before/after
Commit	Line	Data
2b4405a3 MW	1	-------------------------
	2	strongSwan - Roadmap
	3	-------------------------
	4
	5	These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
	6	migrate IKEv1 into charon. It's hard to say how much effort is needed to
	7	do that, and how much code we can reuse from pluto. But a port IS necessary to
	8	gain hassle-free confiugration, version negotiation and maintainability.
	9
59c5a853 MW	10	Roadmap 2007
59c5a853 MW	11	============
2b4405a3	12
59c5a853 MW	13	Mar ! - Cookie support, IP filter, other fixes to mature against DoS
59c5a853 MW	14	! - release IKEv2 p2p NATT draft 00
38ab8048	15	!
59c5a853 MW	16	Apr ! - PRF in CHILD_SA rekeying
59c5a853 MW	17	! - configuration managament refactoring
ed284399 MW	18	! - credentials backend redesign
ed284399 MW	19	! - interface in charon for the XML based SMP management interface
59c5a853	20	! - reimplement IKEv2 p2p NATT support
38ab8048	21	!
ed284399	22	May ! - SMP configuration client
38ab8048	23	!
59c5a853	24	Jun ! - start with IKEv1 migration strategy
38ab8048	25	!
59c5a853	26	Jul !
38ab8048	27	!
59c5a853	28	Aug !
38ab8048 MW	29	!
	30	Sep !
	31	!
	32	Oct !
	33	!
	34	Nov !
	35	!
59c5a853	36	Dec !
38ab8048	37	!
2b4405a3 MW	38
	39
	40	TODO-List
	41	=========
	42
	43	A set of TODOs. This is only a list of things I write down to not forget them.
	44	Watch out for TODOs in the code.
	45
	46	Build system
	47	------------
	48	- configure flag which allows to ommit vendor id in pluto
	49	- reduce printf handlers count to 10, as uClibc does not support more
e0fe7651	50	- remove %m printf handlers, as error may have changed until it reaches fprintf()
2b4405a3	51
2b4405a3 MW	52	Certificate support
	53	-------------------
	54	- New trustchain mechanism?
2b4405a3 MW	55	- proper handling of multiple certificate payloads (import order)
2b4405a3 MW	56	- synchronized CRL fetcher
2b4405a3 MW	57	- Smartcard interface
	58	- Attribute certificates
	59
	60	Stroke interface
	61	----------------
	62	- add a Rekey-Counter for SAs in "statusall"
	63	- ipsec statusall bytecount
2b4405a3 MW	64	- proper handling of CTRL+C console detach (SIG_PIPE)
	65
	66	Misc
	67	----
9b45443d MW	68	- PFS support for creating/rekeying CHILD_SAs
9b45443d MW	69	- Address pool/backend for virtual IP assignement
ed284399	70	- fix iterator->insert_before/after