diff options
| author | itojun <itojun> | 2000-06-12 16:00:45 +0000 |
|---|---|---|
| committer | itojun <itojun> | 2000-06-12 16:00:45 +0000 |
| commit | fcbdf99a6358ab24e53e0f77bf7416f5db58fbb8 (patch) | |
| tree | 0ecef0b73597dd23c4f8812849516438f37a6a1c | |
| parent | 32c913a83a18e5f9c14eeea332482d44e66db10f (diff) | |
| download | pkgsrc-fcbdf99a6358ab24e53e0f77bf7416f5db58fbb8.tar.gz | |
add couple of more issues and a design choice.
| -rw-r--r-- | security/racoon/pkg/DESCR | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/security/racoon/pkg/DESCR b/security/racoon/pkg/DESCR index ebe356d1d70..a74946eb51e 100644 --- a/security/racoon/pkg/DESCR +++ b/security/racoon/pkg/DESCR @@ -2,10 +2,18 @@ racoon speaks IKE (ISAKMP/Oakley) key management protocol, to establish security association with other hosts. Known issues: -- cannot negotiate SA bundle, like "AH + ESP". -- too many usage of dynamic memory allocation, which leads to memory leak. -- non-threaded implementation. simultaneous key negotiation performance +- Cannot negotiate SA bundle, like "AH + ESP". Will be fixed soon. +- Too many use of dynamic memory allocation, which leads to memory leak. +- Non-threaded implementation. Simultaneous key negotiation performance should be improved. -- cryptic configuration syntax - blame IPsec specification too... +- Cannot negotiate keys for per-socket policy. +- Cryptic configuration syntax - blame IPsec specification too... +- Needs more documentation. + +Design choice, not a bug: +- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must + be configured into the kernel separately from racoon. If you want to + support roaming clients, you may need to have a mechanism to put policy + for the roaming client after phase 1 finhises. Bug reports should be sent to http://orange.kame.net/dev/send-pr.html. |