1 -------------------------
3 -------------------------
5 These notes mostly belong to charon, the new IKEv2 daemon. The plan is to
6 migrate IKEv1 into charon. It's hard to say how much effort is needed to
7 do that, and how much code we can reuse from pluto. But a port IS necessary to
8 gain hassle-free confiugration, version negotiation and maintainability.
13 Jan ! - first stable release of the strongSwan 4.x branch
15 Feb ! - refactoring of exchange handling for better code sharing,
16 ! we need to separate specific tasks to reuse them in multiple
18 ! - merge of EAP authentication code / plugin loader
19 ! - merge of the virtual IP support currently in the pipeline
21 Mar ! - interface in charon for the new SMP management interface
22 ! - full certificate support
23 ! - Cookie support, other fixes to mature against DoS
24 ! - merge of the experimental "mediated double-NAT" support
25 ! - write an IETF draft for this feature
27 Apr ! - start porting efforts of IKEv1 into charon
28 ! - support of IKEv1 messages and payloads in charon
30 May ! - migration of plutos state machine into charon
32 Jun ! - get a useable IKEv1 implementation for simple cases
34 Jul ! - first release of charon supporting IKEv2 and IKEv1
36 Aug ! - get IKEv1 support to the level of pluto
44 Dec ! - feature complete release
51 A set of TODOs. This is only a list of things I write down to not forget them.
52 Watch out for TODOs in the code.
56 - configure flag which allows to ommit vendor id in pluto
57 - reduce printf handlers count to 10, as uClibc does not support more
61 - Cookie support on server
62 - thread exhaustion (multiple messages to a single IKE_SA)
66 - New trustchain mechanism?
67 - proper handling of multiple certificate payloads (import order)
68 - synchronized CRL fetcher
70 - Attribute certificates
74 - add a Rekey-Counter for SAs in "statusall"
75 - ipsec statusall bytecount
76 - proper handling of CTRL+C console detach (SIG_PIPE)
80 - retry transaction on failure while keyingtries > 1
81 - PFS support for creating/rekeying CHILD_SAs
82 - Address pool/backend for virtual IP assignement