[ViewVC] Diff of: cvs/gvpe/NEWS

Comparing gvpe/NEWS (file contents):
Revision 1.121 by root, Thu Jan 16 07:53:44 2014 UTC vs.
Revision 1.122 by root, Fri Jan 17 19:47:08 2014 UTC

 TODO: bridge mode, finally?
 TODO: gcm mode?
 TODO: replace ripemd160 as the only authentication hash.
 TODO: increase rsa size.
 TODO: replace transport bits by transport endpoint structs?
-TODO: ecdh to avoid session replay attacks
 TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html
 TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces
-proposed: 3 types, req, resreq, res
-req (hmac1) rsa(seqno1 hmac1 aes1 seqno2 hmac2 aes2 auth) ecdh1
-res (hmac1) hash(rsa-contents) ecdh2
-req hmac0(*) rsa(seqno hmac0 hmac aes auth) hkdf-salt ecdh1
-res hmac0(rsa-contents ecdh2)
-   hmac_key = hkdf(hkdf-salt, hmac | ecdh)
-   aes_key  = hkdf(hkdf-salt, aes  | ecdh)
-TODO: protocol magic fixen(!!!)
-TODO: "global"
 TODO: verify
 TODO: make sense of overhead calculation
 TODO: if-up &c should not be scripts?
-TODO: low-power
 TODO: ipv6
+TODO: gvpectrl should not use default privatekey,. or maybe document it better
 	- INCOMPATIBLE CHANGE: core protocol version 1.0.
         - INCOMPATIBLE CHANGE: node sextions are now introduced
           with "node nodename", not "node = nodename".
         - while individual packets couldn't be replayed, a whole session
           could be replayed - this has been fixed by an extra key exchange.

-–
+Removed lines
-+
+Added lines
-<
+Changed lines
->
+Changed lines