Added NEWS about mutual EAP-only authentication

author Martin Willi <martin@strongswan.org>

Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)

committer Martin Willi <martin@strongswan.org>

Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)
author Martin Willi <martin@strongswan.org>
Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)
committer Martin Willi <martin@strongswan.org>
Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)
diff --git a/NEWS b/NEWS

index 6480142..3fcb49c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -35,6 +35,12 @@ strongswan-4.3.6
    "charon.send_vendor_id" option in strongswan.conf to let the remote peer know
    this is the case.
  
+- Experimental support for draft-eronen-ipsec-ikev2-eap-auth, where the
+  responder omits public key authentication in favor of a mutual authentication
+  method. To enable EAP-only authentication, set rightauth=eap on the responder
+  to rely only on the MSK constructed AUTH payload. This not-yet standardized
+  extension requires the strongSwan vendor ID introduced above.
+
  - The IKEv1 daemon ignores the Juniper SRX notification type 40001, thus
    allowing interoperability.
author	Martin Willi <martin@strongswan.org>
	Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)
committer	Martin Willi <martin@strongswan.org>
	Thu, 7 Jan 2010 15:16:22 +0000 (16:16 +0100)