From: Reto Buerki Date: Mon, 18 Mar 2013 15:13:55 +0000 (+0100) Subject: Add NEWS about TKM separation X-Git-Tag: 5.0.3rc1~39^2~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=db50a35ad86c95e7b2aeb13e7dae50d3f7127336;p=thirdparty%2Fstrongswan.git Add NEWS about TKM separation --- diff --git a/NEWS b/NEWS index b4bc162d09..10c8353b89 100644 --- a/NEWS +++ b/NEWS @@ -43,6 +43,14 @@ strongswan-5.0.3 any authentication. Therefore, to use this backend it has to be selected explicitly with rightauth2=xauth-noauth. +- The new charon-tkm IKEv2 daemon delegates security critical operations to a + separate process. This has the benefit that the network facing daemon has no + knowledge of keying material used to protect child SAs. Thus subverting + charon-tkm does not result in the compromise of cryptographic keys. + The extracted functionality has been implemented from scratch in a minimal TCB + (trusted computing base) in the Ada programming language. Further information + can be found at http://www.codelabs.ch/tkm/. + strongswan-5.0.2 ----------------
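Review bot: In the added charon-tkm entry, the sentence "Thus subverting charon-tkm does not result in the compromise of cryptographic keys" claims more than the sentence before it supports, which only says the network facing daemon has no knowledge of "keying material used to protect child SAs". Suggest scoping the conclusion to the same keys, for example "does not result in the compromise of the keying material protecting child SAs", so readers do not take it as a statement about every key the daemon handles. The entry also never names the separate process or expands TKM, although the commit subject and the URL both use that name; introducing it once next to "separate process" would tie the "minimal TCB" in the following sentence to it. Minor style point: "security critical operations" should be hyphenated as "security-critical operations".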