diff options
| author | itojun <itojun@pkgsrc.org> | 2000-06-12 16:00:45 +0000 |
|---|---|---|
| committer | itojun <itojun@pkgsrc.org> | 2000-06-12 16:00:45 +0000 |
| commit | e65cd2914cf699d9ff339e7cb51ab886a9c152ad (patch) | |
| tree | 0ecef0b73597dd23c4f8812849516438f37a6a1c /security | |
| parent | 9d0cf0d68a1d161a38ac7f70641bfe40d6f978a1 (diff) | |
| download | pkgsrc-e65cd2914cf699d9ff339e7cb51ab886a9c152ad.tar.gz | |
add couple of more issues and a design choice.
Diffstat (limited to 'security')
| -rw-r--r-- | security/racoon/pkg/DESCR | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/security/racoon/pkg/DESCR b/security/racoon/pkg/DESCR index ebe356d1d70..a74946eb51e 100644 --- a/security/racoon/pkg/DESCR +++ b/security/racoon/pkg/DESCR @@ -2,10 +2,18 @@ racoon speaks IKE (ISAKMP/Oakley) key management protocol, to establish security association with other hosts. Known issues: -- cannot negotiate SA bundle, like "AH + ESP". -- too many usage of dynamic memory allocation, which leads to memory leak. -- non-threaded implementation. simultaneous key negotiation performance +- Cannot negotiate SA bundle, like "AH + ESP". Will be fixed soon. +- Too many use of dynamic memory allocation, which leads to memory leak. +- Non-threaded implementation. Simultaneous key negotiation performance should be improved. -- cryptic configuration syntax - blame IPsec specification too... +- Cannot negotiate keys for per-socket policy. +- Cryptic configuration syntax - blame IPsec specification too... +- Needs more documentation. + +Design choice, not a bug: +- racoon negotiate IPsec keys only. It does not negotiate policy. Policy must + be configured into the kernel separately from racoon. If you want to + support roaming clients, you may need to have a mechanism to put policy + for the roaming client after phase 1 finhises. Bug reports should be sent to http://orange.kame.net/dev/send-pr.html. |