[Swan-dev] More confusion of options to clean up regarding phase1 and phase2 options
Paul Wouters
paul at nohats.ca
Sat Apr 19 02:52:34 EEST 2014
I worked on the esp= / ike= mess yesterday by reviving the test case.
Also something I should not have put so much time in :( Those keywords
are a true mess, and it will get worse with EC. We need to deal with:

- esp=/ah= or phase2alg= ?
- same or different parser for phase2alg= versus ike= (phase1alg) ?
- default proposal for ikev1 and ikev2, not the v1tov2 mess we have now.
- allowing v2 style: esp=aes,3des,sha1,md5 ? Use that to build v1 style?
  perhaps using a new keyword default-proposal or something ?
  (v1 proposals are sets, v2 proposals are items)
- rip out the crappy parser hacks scattered everywhere for these options.
- fix the passert that the testing/lib/libswan/algparse now shows?
- fix parsing (eg esp=modp1024)
- deal with GROUP names. some are modp, some are dh, but the entire list has no common name. Perhaps use group= ?
- pfsgroup=
- confusion of esp=3des-sha1-modp1536 vs esp=3des-sha1;modp2048
- deal with rsasigkey= versus ecsigkey or start using pubsigkey= ?
- fix up AES CCM/GCM keywords, do not require silly "null" for auth

To me this is a higher priority than fixing "_". But the "_" fix is
something that can be done in a day, and I guess should just be done
now. The above is not :(

Paul