This is actually Henry's to-do file, which covers more than just the
utilities, but had to go somewhere...

(H = high, M = medium, L = low, list otherwise unordered)

H  start known-failure-modes document ("if X goes wrong, it's probably Y")
H  make check
H  investigate freeswan.h path problem, library build problems in Klips
H  try to localize all pathnames in top/Makefile
H  general manpages (ipsec? klips?) and refs to same (incl bugs)
H  do *something* about ipsec-manual reporting, e.g., which spi had trouble
H  investigate cross-compiles
H  general name/address mapping for manual
H  should look check tncfg to see if everything looks okay?
H  use --label in manual, auto
H  add reverse-lookup option to addrtoa
H  get rid of the obsolete-syntax provisions in manual and auto
H  check for unknown parameters in ipsec.conf, issue warnings
H  copyright() library function
H  usage messages from scripts should reflect ipsec prefix command
H  setup should take --start as a synonym for start
H  example tunnels to SSH test host, ours?

M  automatic CHANGES mailer
M  improve web page
M  where should Pluto logging really go?
M  figure out the right RCS keywords, make sure everything has them
M  sort out copyrights, ensure notices in the right places
M  more checking in Makefile (kernel config)
M  basic regression testing (hooks needed in Klips and Pluto?)
M  anything we can do to confirm successful encryption without a snooper host?
M  beginnings of SPD design
M  data-formats audit (e.g. all hex numbers have 0x?)
M  audit for all --help output to stdout, all diagnostics to stderr
M  ifconfig, etc. mods to use our syntaxes
M  asymmetric encryption methods etc.
M  "ipsec auto update" (updates Pluto to match control file)?
M  global defaults in control file for, e.g., leftfirewall
M  way to force renegotiation of all connections
M  cache name-address mapping so we can trust it, fail if it changes
M  tighten security on manual keying, avoiding ps snooping etc.
M  overrides for barf syslog filenames in ipsec.conf
M  logger newlines
M  some provision for staggering rekeying times automatically

L  GUI configurer (via linuxconf)
L  PGP encryption for tattler reports, snapshot-built reports
L  more SPD design
L  more thorough regression testing, full functionality, corner cases
L  examples in manpages
L  do daemons need to auto-restart on death?

This file is RCSID $Id: TODO,v 1.19 1999/04/12 22:11:40 henry Exp $
