[Swan-dev] More confusion of options to clean up regarding phase1 and phase2 options

Paul Wouters paul at nohats.ca
Sat Apr 19 02:52:34 EEST 2014


I worked on the esp= / ike= mess yesterday by reviving the test case.
Also something I should not have put so much time in :( Those keywords
are a true mess, and it will get worse with EC. We need to deal with:

 	esp=/ah= or phase2alg= ?

 	same or different parser for phase2alg= versus ike= (phase1alg) ?

 	default proposal for ikev1 and ikev2, not the v1tov2 mess we have now.

 	allowing v2 style: esp=aes,3des,sha1,md5 ? Use that to build v1 style?
 	perhaps using a new keyword default-proposal or something ?

 	(v1 proposals are sets, v2 proposals are items)

 	rip out the crappy parser hacks scattered everywhere for these options.

 	fix the passert that the testing/lib/libswan/algparse now shows?

 	fix parsing (eg esp=modp1024)

 	deal with GROUP names. some are modp, some are dh, but the entire list has no common name. Perhaps use group= ?

 	pfsgroup=

 	confusion of esp=3des-sha1-modp1536 vs esp=3des-sha1;modp2048

 	deal with rsasigkey= versus ecsigkey or start using pubsigkey= ?

 	fix up AES CCM/GCM keywords, do not require silly "null" for auth

To me this is a higher priority than fixing "_". But the "_" fix is
something that can be done in a day, and I guess should just be done
now. The above is not :(

Paul

