- -------------------------
- strongSwan - Roadmap
- -------------------------
+ ----------------------
+ strongSwan - TODO
+ ----------------------
-These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
-migrate IKEv1 into charon. It's hard to say how much effort is needed to
-do that, and how much code we can reuse from pluto. But a port IS necessary to
-gain hassle-free confiugration, version negotiation and maintainability.
+A roadmap of the strongSwan project is available online at:
-Roadmap for 2007
-================
+ http://wiki.strongswan.org/projects/strongswan/roadmap
- Jan ! - first stable release of the strongSwan 4.x branch
- !
- Feb ! - refactoring of exchange handling for better code sharing,
- ! we need to separate specific tasks to reuse them in multiple
- ! exchanges
- ! - merge of EAP authentication code / plugin loader
- ! - merge of the virtual IP support currently in the pipeline
- !
- Mar ! - interface in charon for the new SMP management interface
- ! - full certificate support
- ! - Cookie support, other fixes to mature against DoS
- ! - merge of the experimental "mediated double-NAT" support
- ! - write an IETF draft for this feature
- !
- Apr ! - start porting efforts of IKEv1 into charon
- ! - support of IKEv1 messages and payloads in charon
- !
- May ! - migration of plutos state machine into charon
- !
- Jun ! - get a useable IKEv1 implementation for simple cases
- !
- Jul ! - first release of charon supporting IKEv2 and IKEv1
- !
- Aug ! - get IKEv1 support to the level of pluto
- !
- Sep !
- !
- Oct !
- !
- Nov !
- !
- Dec ! - feature complete release
- !
-
-
-TODO-List
-=========
-
-A set of TODOs. This is only a list of things I write down to not forget them.
-Watch out for TODOs in the code.
-
-Build system
-------------
-- configure flag which allows to ommit vendor id in pluto
-- reduce printf handlers count to 10, as uClibc does not support more
-
-Denail of service
------------------
-- Cookie support on server
-- thread exhaustion (multiple messages to a single IKE_SA)
-
-Certificate support
--------------------
-- New trustchain mechanism?
-- proper handling of multiple certificate payloads (import order)
-- synchronized CRL fetcher
-- Smartcard interface
-- Attribute certificates
-
-Stroke interface
-----------------
-- add a Rekey-Counter for SAs in "statusall"
-- ipsec statusall bytecount
-- proper handling of CTRL+C console detach (SIG_PIPE)
-
-Misc
-----
-- retry transaction on failure while keyingtries > 1
-- PFS support for creating/rekeying CHILD_SAs
-- Address pool/backend for virtual IP assignement