diff options
Diffstat (limited to 'keyexchange/isakmpd-20041012/TO-DO')
-rw-r--r-- | keyexchange/isakmpd-20041012/TO-DO | 145 |
1 files changed, 0 insertions, 145 deletions
diff --git a/keyexchange/isakmpd-20041012/TO-DO b/keyexchange/isakmpd-20041012/TO-DO deleted file mode 100644 index 7e397e4..0000000 --- a/keyexchange/isakmpd-20041012/TO-DO +++ /dev/null @@ -1,145 +0,0 @@ -$OpenBSD: TO-DO,v 1.26 2003/08/28 14:43:35 markus Exp $ -$EOM: TO-DO,v 1.45 2000/04/07 22:47:38 niklas Exp $ - -This file mixes small nitpicks with large projects to be done. - -* Add debugging messages, maybe possible to control asynchronously. [done] - -* Implement the local policy governing logging and notification of exceptional - conditions. - -* A field description mechanism used for things like making packet dumps - readable etc. Both Photurisd and Pluto does this. [done] - -* Fix the cookies. <Niels> [done] - -* Garbage collect transports (ref-counting?). [done] - -* Retransmission/dup packet handling. [done] - -* Generic payload checks. [mostly done] - -* For math, speed up multiplication and division functions. - -* Cleanup of SAs when dropping messages. [done] - -* Look over message resource tracking. [done] - -* Retransmission timing & count adaptivity and configurability. - [configurability done] - -* Quick mode exchanges [done] - -* Aggressive mode exchange. [done] - -* Finish main mode exchange [done] - -* Separation of key exchange from the IPsec DOI, i.e. factor out IKE details. - -* Setup the IPsec situation field in the main mode. [done] - -* Kernel interface for IPsec parameter passing. [done] - -* Notify of unsupported situations. - -* Set/get field macros generated from the field descriptions. [done] - -* SIGHUP handler with reparsing of config file. [done] - -* RSA signature authentication. <Niels> [done] - -* DSS signature authentication. - -* RSA encryption authentication. - -* New group mode. - -* DELETE payload handling, and generation from ui. [generation done] - -* Deal well with incoming informational exchanges. [done] - -* Generate all possible SA attributes in quick mode. [done] - -* Validate incoming attribute according to policy, main mode. [done] - -* Validate incoming attribute according to policy, quick mode. [done] - -* Cleanup reserved SPIs on cleanup of associated SAs. [done] - -* Validate attribute types (i.e. that what the specs tells should be - basic). - -* Cleanup reserved SPIs in proposals never chosen. [done] - -* Add time measuring and reporting to the exchange code for catching of - bottlenecks. - -* Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY - listener socket. [done] - -* Validate the configuration file. - -* Do a soft-limit on ISAKMP SA lifetime. [done] - -* Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done] - -* IPsec rekeying. [done] - -* Store tunnels into SPD, and handle acquire SA events. [done] - -* If an exchange is on-going when a rekey event happens, drop the request. - [done] - -* INITIAL CONTACT notification sending when appropriate. [done] - -* INITIAL CONTACT notification handling. [done] - -* IPsec SAs could also do with timers protecting its lifetime, if say, - someone changed the lifetime of the IPsec SA in stack under us. [done] - -* Handle notifications showing the peer did not want to continue this exchange. - -* Flexible identification. - -* Remove referring flows when a SPI is removed. [done] - -* IPCOMP. - -* Acknowledged notification exchange. - -* Tiger hash. - -* El-Gamal public key encryption. - -* Check of attributes not being changed by the responder in phase 2. - -* See to the commit bit will never be used in phase 1. Give INVALID-FLAGS - if seeing it. - -* Base mode. - -* IKECFG [protocol done, configuration controls remain] - -* XAUTH framework. - -* PKCS#11 - -* XAUTH hybrid frame work. - -* Specify extra certificates to send somehow. - -* Handle CERTs anywhere in an exchange. - -* Add a way to do multiple configuration commands via ui. - -* Replace ui's fifo with a slightly more versatile interface. - -* Report current configuration. [done] - -* IPv6 [done] - -* AES in phase 1 [done] - -* x509_certreq_validate needs implementing. - -* Smartcard support. |