From 6585e5ad764ee2414d9b01f30784b6549bc8f58e Mon Sep 17 00:00:00 2001 From: Othmar Gsenger Date: Mon, 30 Jul 2007 19:37:53 +0000 Subject: added keyexchange --- keyexchange/isakmpd-20041012/TO-DO | 145 +++++++++++++++++++++++++++++++++++++ 1 file changed, 145 insertions(+) create mode 100644 keyexchange/isakmpd-20041012/TO-DO (limited to 'keyexchange/isakmpd-20041012/TO-DO') diff --git a/keyexchange/isakmpd-20041012/TO-DO b/keyexchange/isakmpd-20041012/TO-DO new file mode 100644 index 0000000..7e397e4 --- /dev/null +++ b/keyexchange/isakmpd-20041012/TO-DO 
@@ -0,0 +1,145 @@ +$OpenBSD: TO-DO,v 1.26 2003/08/28 14:43:35 markus Exp $ +$EOM: TO-DO,v 1.45 2000/04/07 22:47:38 niklas Exp $ + +This file mixes small nitpicks with large projects to be done. + +* Add debugging messages, maybe possible to control asynchronously. [done] + +* Implement the local policy governing logging and notification of exceptional + conditions. + +* A field description mechanism used for things like making packet dumps + readable etc. Both Photurisd and Pluto does this. [done] + +* Fix the cookies. [done] + +* Garbage collect transports (ref-counting?). [done] + +* Retransmission/dup packet handling. [done] + +* Generic payload checks. [mostly done] + +* For math, speed up multiplication and division functions. + +* Cleanup of SAs when dropping messages. [done] + +* Look over message resource tracking. [done] + +* Retransmission timing & count adaptivity and configurability. + [configurability done] + +* Quick mode exchanges [done] + +* Aggressive mode exchange. [done] + +* Finish main mode exchange [done] + +* Separation of key exchange from the IPsec DOI, i.e. factor out IKE details. + +* Setup the IPsec situation field in the main mode. [done] + +* Kernel interface for IPsec parameter passing. [done] + +* Notify of unsupported situations. + +* Set/get field macros generated from the field descriptions. [done] + +* SIGHUP handler with reparsing of config file. [done] + +* RSA signature authentication. [done] + +* DSS signature authentication. + +* RSA encryption authentication. + +* New group mode. + +* DELETE payload handling, and generation from ui. [generation done] + +* Deal well with incoming informational exchanges. [done] + +* Generate all possible SA attributes in quick mode. [done] + +* Validate incoming attribute according to policy, main mode. [done] + +* Validate incoming attribute according to policy, quick mode. [done] + +* Cleanup reserved SPIs on cleanup of associated SAs. [done] + +* Validate attribute types (i.e. 
that what the specs tells should be + basic). + +* Cleanup reserved SPIs in proposals never chosen. [done] + +* Add time measuring and reporting to the exchange code for catching of + bottlenecks. + +* Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY + listener socket. [done] + +* Validate the configuration file. + +* Do a soft-limit on ISAKMP SA lifetime. [done] + +* Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done] + +* IPsec rekeying. [done] + +* Store tunnels into SPD, and handle acquire SA events. [done] + +* If an exchange is on-going when a rekey event happens, drop the request. + [done] + +* INITIAL CONTACT notification sending when appropriate. [done] + +* INITIAL CONTACT notification handling. [done] + +* IPsec SAs could also do with timers protecting its lifetime, if say, + someone changed the lifetime of the IPsec SA in stack under us. [done] + +* Handle notifications showing the peer did not want to continue this exchange. + +* Flexible identification. + +* Remove referring flows when a SPI is removed. [done] + +* IPCOMP. + +* Acknowledged notification exchange. + +* Tiger hash. + +* El-Gamal public key encryption. + +* Check of attributes not being changed by the responder in phase 2. + +* See to the commit bit will never be used in phase 1. Give INVALID-FLAGS + if seeing it. + +* Base mode. + +* IKECFG [protocol done, configuration controls remain] + +* XAUTH framework. + +* PKCS#11 + +* XAUTH hybrid frame work. + +* Specify extra certificates to send somehow. + +* Handle CERTs anywhere in an exchange. + +* Add a way to do multiple configuration commands via ui. + +* Replace ui's fifo with a slightly more versatile interface. + +* Report current configuration. [done] + +* IPv6 [done] + +* AES in phase 1 [done] + +* x509_certreq_validate needs implementing. + +* Smartcard support. -- cgit v1.2.3
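Review bot: The unmarked entries in this imported TO-DO ("x509_certreq_validate needs implementing", "Check of attributes not being changed by the responder in phase 2", the phase 1 commit bit / INVALID-FLAGS item, "Validate attribute types", "Validate the configuration file") record validation work that is still open in this isakmpd snapshot, and the commit message "added keyexchange" does not mention it. The directory name dates the snapshot to 20041012 and the file's $OpenBSD tag to 2003/08/28, while the import is dated 2007. Suggest that the commit message, or a short note next to the vendored tree, state where the snapshot was taken from, why this version was chosen, and which of the open items matter for the way this project uses the key exchange code.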