$OpenBSD: TO-DO,v 1.26 2003/08/28 14:43:35 markus Exp $
$EOM: TO-DO,v 1.45 2000/04/07 22:47:38 niklas Exp $

This file mixes small nitpicks with large projects to be done.

* Add debugging messages, maybe possible to control asynchronously. [done]

* Implement the local policy governing logging and notification of exceptional
  conditions.

* A field description mechanism used for things like making packet dumps
  readable etc. Both Photurisd and Pluto do this. [done]

* Fix the cookies. <Niels> [done]

* Garbage collect transports (ref-counting?). [done]

* Retransmission/dup packet handling. [done]

* Generic payload checks. [mostly done]

* For math, speed up multiplication and division functions.

* Cleanup of SAs when dropping messages. [done]

* Look over message resource tracking. [done]

* Retransmission timing & count adaptivity and configurability.
  [configurability done]

* Quick mode exchanges. [done]

* Aggressive mode exchange. [done]

* Finish main mode exchange. [done]

* Separation of key exchange from the IPsec DOI, i.e. factor out IKE details.

* Set up the IPsec situation field in the main mode. [done]

* Kernel interface for IPsec parameter passing. [done]

* Notify of unsupported situations.

* Set/get field macros generated from the field descriptions. [done]

* SIGHUP handler with reparsing of config file. [done]

* RSA signature authentication. <Niels> [done]

* DSS signature authentication.

* RSA encryption authentication.

* New group mode.

* DELETE payload handling, and generation from ui. [generation done]

* Deal well with incoming informational exchanges. [done]

* Generate all possible SA attributes in quick mode. [done]

* Validate incoming attributes according to policy, main mode. [done]

* Validate incoming attributes according to policy, quick mode. [done]

* Clean up reserved SPIs on cleanup of associated SAs. [done]

* Validate attribute types (i.e. that what the specs say should be basic
  is basic).

* Clean up reserved SPIs in proposals never chosen. [done]

* Add time measuring and reporting to the exchange code to catch
  bottlenecks.

* Rescan interfaces on SIGHUP and on reception of messages on the INADDR_ANY
  listener socket. [done]

* Validate the configuration file.

* Do a soft-limit on ISAKMP SA lifetime. [done]

* Let the hard-limit on ISAKMP SA lifetime destroy the SA ASAP. [done]

* IPsec rekeying. [done]

* Store tunnels into SPD, and handle acquire SA events. [done]

* If an exchange is ongoing when a rekey event happens, drop the request.
  [done]

* INITIAL CONTACT notification sending when appropriate. [done]

* INITIAL CONTACT notification handling. [done]

* IPsec SAs could also do with timers protecting their lifetime, if, say,
  someone changed the lifetime of the IPsec SA in the stack under us. [done]

* Handle notifications showing the peer did not want to continue this exchange.

* Flexible identification.

* Remove referring flows when an SPI is removed. [done]

* IPCOMP.

* Acknowledged notification exchange.

* Tiger hash.

* El-Gamal public key encryption.

* Check that attributes are not changed by the responder in phase 2.

* See to it that the commit bit is never used in phase 1. Give INVALID-FLAGS
  if seeing it.

* Base mode.

* IKECFG [protocol done, configuration controls remain]

* XAUTH framework.

* PKCS#11

* XAUTH hybrid framework.

* Specify extra certificates to send somehow.

* Handle CERTs anywhere in an exchange.

* Add a way to do multiple configuration commands via ui.

* Replace ui's fifo with a slightly more versatile interface.

* Report current configuration. [done]

* IPv6 [done]

* AES in phase 1 [done]

* x509_certreq_validate needs implementing.

* Smartcard support.