-TODO
-====
+TODO/bugs in Irssi SILC client
+==============================
-This is more or less complete list of tasks that has to be done before
-SILC 1.0 could ever be released. It is clear that the list does not
-include all the bugs that exists. At the end of list are tasks that
-needs to be done but are probably post 1.0.
+ o Add local command to switch the channel's private key when channel has
+ several private keys. Currently sending channel messages with many
+ keys is not possible because changing the key is not possible by the
+ user.
-Feel free to contribute if you have the ability and free time - all the
-help is really appreciated - and needed.
+ o JOINing to +a (requires passphrase to JOIN) does not work on autojoin.
+ Seems the passwords in the .silc/config has no effect.
- - Pekka
+ o Add local commands to list the current server and client public keys
+ that the user has. And a local command to dump the contents of the
+ public key to the screen. Something like LISTKEYS, SHOWKEY...
+ o The QUIT command should wait for server's disconnection (at least for
+ a while) before exiting the application.
-TODO General
-============
+ o The JOIN command's HELP is generated from Irssi IRCs JOIN help and
+ the syntax is not same in SILC. This must be fixed. Most likely
+ we must forget the Irssi's JOIN command and mimic it to get our
+ required syntax for it too.
- o We should replace all short, int, long, unsigned short, unsigned int,
- unsigned long with some pre-defined datatypes that really are what
- we want on all platforms. int16, uint16, int32, uint32 etc. are
- what we could use or maybe SilcInt16, SilcUInt16 etc. Also, boolean
- datatype should be defined.
+ o We should get rid of the clientconfig.[ch] in Irssi SILC and move the
+ cipher, hash, hmac and pkcs configuration to the Irssi SILC's config
+ file.
+ o Add PERL scripting support from Irssi CVS.
-TODO In SILC Client Library
-===========================
+ o Extend the /HELP command to support sub commands or something. So
+ that user can say /help set mutual_authentication they would get
+ help of the mutual_authentication setting.
- o TODO in commands (silc/local_command.c, lib/silcclient/command.c and
- silc/silclient/command_reply.c):
+ o Set different kind of settings, like, /set mutual_authentication,
+ /set key_exchange_timeout, /set conn_auth_timeout etc etc.
- o Local command to handle private message keys is not done
- o Local command to handle channel private keys is not done
- o Local command to handle key agreement protocol is not done
- o RESTART command is not implemented
- o Client library crashes if for example server timeouts protocol
- execution and disconnects the client. The client, on the other hand
- may still assume that the connection is active, even after receiving
- the EOF. Reason for this is that the clien library does not handle
- the SilcSocketConnection reference counter at all. This must be
- fixed.
+TODO/bugs In SILC Client Library
+================================
- o Logic for handling multiple same nicknames for example in private
- message sending. I guess the logic is done in server side but is
- missing from client.
+ o JOIN command's argument handling is buggy. See the XXX in the code.
- o I guess, public key authentication (when connecting to a server)
- is not working currently. It is just matter of loading the keys
- from file and using them (see corresponding code in server, it should
- support public key authentication already).
- o Connection Authentication request resolving is missing and must be
- done. This is required by the protocol.
+TODO/bugs In SILC Server
+========================
- o Add client library parameters or options that handle what kind of
- messages the library should print out (using `say' client operation,
- for example) and what is left for the application to print. The
- appliation could for example set that it handles all command printing
- but all error printing should be handled by the library, etc...
+ o On normal server the channel count can go negative (like -3 channels).
- o Non-blocking connection on the background must be stopped if some
- other connection on same window has established. Now it is possible
- that some non-blocking connection timeouts on the background when
- we already have a working connection to some other place; things
- goes bad.
+ o Change the sever to connect to another server from low ports (706)
+ and not from high ports. Currently we cannot do incoming connection
+ checking by remote port because the port is not fixed.
- o Input line on UI is buggy. Cursor movement etc bugs. Too lazy to
- fix it.
+ o Add a timeout to handling incoming JOIN commands. It should be
+ enforced that JOIN command is executed only once in a second or two
+ seconds. Now it is possible to accept n incoming JOIN commands
+ and process them without any timeouts. THis must be employed because
+ each JOIN command will create and distribute the new channel key
+ to everybody on the channel.
+ o Optimize the JOIN command in normal server. When router returns
+ command reply for JOIN it returns the new channel key. We however
+ still create new channel key when processing the pending JOIN command.
+ This works ok but is not necessary.
-TODO In SILC Server
-===================
+ o Optimize the WHOIS and IDENTIFY commands to somehow check whether the
+ requested clients are on some channel that the server knows about. If
+ this is the case then the request is not needed to be forwarded to the
+ router. One specific optimization could be done with JOIN command.
+ If the previous command to the WHOIS and IDENTIFY commands are JOIN
+ command (from the client) it can be expected (though it must be
+ verified) that the client is resolving the users on the channel it just
+ joined. If server has done this once there is really no reason to
+ resolve it twice (from the router), it can reply directly back with
+ the information it knows. This is because the server would (will)
+ receive notifications from the router for users that are on a local
+ channel.
- o TODO in commands (command.c and command_reply.c):
+ The same is with whowas command. Actually with all these commands
+ it should be checked also whether the requested information is local.
+ If it is, there is no reason to send it to the router, since the server
+ knows it best.
- o RESTART is not implemented
- o In servers all command reply funtions should still call the
- pending command reply even if the reply was error. In client
- it is not called but in server, I think, it must be called.
- When implementing this check that all commands handle the
- situation correctly when it is called as pending command
- (it should most likely check that cmd->pending == TRUE/FALSE).
+ o Add support for sending the LIST command to primary router on normal
+ server to receive all the created channels. Currently the command
+ returns only the channels the server knows about. The protocol spec
+ does not prohibit of sending the LIST to the router.
- o TODO in notify types (packet_receive.c):
+ o Incomplete IPv6 support:
- o SERVER_SIGNOFF notify type is not implemented
+ o silcd/serverid.c and its routines supports only IPv4.
- o TODO in authentication protocol (protocol.c):
+ o Add perhaps /var/run/silcd.pid for PID information for the server.
- o Public key authentication is missing in initiator side. It must
- be implemented by creating the authentication data.
+ o New configuration file format must be added. The new one will be
+ done using the dotconf config library (lib/dotconf). The following
+ tasks relates closely to this as well and must be done at the same time
+ when adding the new config file format:
- o TODO in general server (server.c)
+ o Server says that it is able to listen on multiple ports but
+ currently that is bogus. It can, but internals are for single
+ server.
- o SILC_PACKET_CONNECTION_AUTH_REQUEST packet type is not
- implemented.
+ o Protocol execution timeouts are hard coded, should be
+ configurable.
- o silc_server_connect_to_router_second checks the authentication
- method to be used in the connection. However, if it does not
- find it it must resolve it from the responder by sending the
- SILC_PACKET_CONNECTION_AUTH_REQUEST packet.
+ o IP address fields in configuration file should accept mask
+ format as well, IP/MASK, and not just plain IP.
- o Packet processing can be made faster. All packet function in the
- packet_receive.c has same prototypes. Instead of calling those from
- huge switch() make a table of callback functions that can be called
- directly by the packet type.
+ o Connection classes should be actually implemented in
+ serverconfig.c. They can be defined but they are totally
+ ignored currently. And they should be redefined also.
- o DNS/IP lookup blocks the server. This must be fixed. Check the
- resolver stuff (resolver(3), resolver(5)). Either we have to do the
- own resolver stuff (through scheduler, if possible without writing
- too much own stuff) or use threads.
- o Acceptance of incoming connections (client and server connections)
- should be checked before key exchange protocol. Currently it is
- checked at the authentication phase after KE, that is ok, but it should
- be checked before starting KE, as well.
+TODO/bugs In SILC Libraries
+===========================
- o Server says that it is able to listen on multiple ports but currently
- that is bogus. It can, but internals are for single server.
+ o Security fixes from the latest draft for MAC key and MAC computation:
+ the packet sequence number.
- o Protocol execution timeouts are hard coded, should be configurable.
+ o Compression routines are missing. The protocol supports packet
+ compression thus it must be implemented. SILC Comp API must be
+ defined. zlib package is already included into the lib dir (in CVS,
+ not in distribution), but it is not used yet, and it requires some
+ tweaking on the Makefiles (we want static lib not shared).
- o IP address fields in configuration file should accept mask format
- as well, IP/MASK, and not just plain IP.
+ o All payload parsing (decoding) functions should take unsigned char *
+ and uint32 as data and data length as arguments. Now some of the
+ routines do already that but most of the routines use SilcBuffer.
+ The SilcBuffer ones should be removed since buf->data and buf->len
+ is more convenient to use. These are currently only cosmetic changes
+ but at some point must be done to make the payload interfaces
+ consistent.
- o Connection classes should be actually implemented in serverconfig.c.
- They can be defined but they are totally ignored currently.
+ o Incomplete IPv6 support:
- o Connection redirect, if server is full, is not implemented. I also
- don't know how to do it currently. Maybe it shouldn't be done at all.
+ o All network routines in lib/silcutil/silcnet.[ch] does not
+ support IPv6.
+ o silc_id_render supports only IPv4 based ID's in the file
+ lib/silcutil/silcutil.c.
+ o Add builtin SOCKS and HTTP Proxy support, well the SOCKS at least.
+ SILC currently supports SOCKS4 and SOCKS5 but it needs to be compiled
+ in separately.
-TODO In SILC Libraries
-======================
- o Implement PFS (Perfect Forward Secrecy) flag in SKE (and in client and
- server, actually). If PFS is set, re-key must cause new key exchange.
- This is required by the SILC protocol.
+TODO/Bugs in native WIN32 support (libraries)
+=============================================
- o Re-key in general is actually missing (from everywhere) and must be done.
+ o silc_net_create_connection_async does not work the same way than on
+ Unix. Do it with threads on WIN32. The function works but is not
+ actually async currently.
- o Compression routines are missing. The protocol supports packet
- compression thus it must be implemented. SILC Comp API must be
- defined. zlib package is already included into the lib dir (in CVS,
- not in distribution), but it is not used yet, and it requires some
- tweaking on the Makefiles (we want static lib not shared).
- o Rewrite the task system. I made it too complex and too "neat" and
- it really should be rewritten. We don't need priorities really, one
- priority is enough. This will simplify a lot the task system.
-
- o SIM support for SILC PKCS API needs to made so that they could be
- used as SIM's. At the same time some work is required on prime
- generation as the way it is done now sucks. Read from code for
- more (silcpkcs.h).
-
- o Random Number Generator needs some tweaking. Reading /dev/random may
- block resulting slow initialization of RNG. Some other things in the
- RNG may block as well. Also, I have some pending changes to the RNG
- that needs to be commited (from Schneier's Yarrow-160 paper). They
- should make the RNG even better.
-
- o Scheduler needs to be analyzed on high load as it might be unfair
- towards select() because it may run timeout tasks before select() and
- after select(). If it is found to be unfair the timeout task running
- before select() should probably be removed.
-
-
-TODO in the protocol before SILC 0.x
-====================================
-
- o New commands and features in the commands
- (draft-riikonen-silc-spec-xx.txt):
-
- o Define GETKEY command to fetch the public key of a server
- and/or a client in the SILC Network.
- o Define SENDKEY command to send your public key to a client
- in the network. Sending to the server must not be done due
- to various security reasons (the server must not trust the
- public keys blindly without third party verification; that's
- why SENDKEY is not for servers).
- o Define AWAY command to set the indication flag whether the
- client is present or not. Do not save the away message to the
- server though.
- o Define the channel founder property to be permanent locally in
- the server so that channel founder can regain its rights even
- if it disconnects from the server. Thus, define a new command
- or channel user mode that can be used to set the channel founder
- passphrase or public key that can be used in the authentication
- when regaining the founder rights.
-
- o New packets and features in the packets
- (draft-riikonen-silc-pp-xx.txt):
-
- o Define the Private Message packet to include private message
- flags and define the flags. The flags could indicate whether
- the message is, for example autoreply or the receiver should not
- reply to the private messages. What other flags?
-
- o New feature in the KE/auth protocol
- (draft-riikonen-silc-ke-auth-xx.txt):
-
- o Define group exchange support for the SKE so that the SKE
- could be performed among more than two entities. This is not
- a showstopper and may be defined later.
+TODO In SILC Protocol
+=====================
+
+ o If channel founder mode is set and the invite mode is set on channel
+ then the founder should be added to the list automatically so that
+ if the founder signoff's it will be able join again to the invite only
+ channel wihtout being invited.
TODO After 1.0
==============
- o Pthreads support. A lot of problems are solved with server (and with
- client as well) if we add pthread support. We can forget things such
- as non-blocking connecting etc, and we can do things such as DNS/IP
- lookups async. The server itself also benefits great deal from
- threads, especially from performance point of view.
-
- But, this is not a small task and almost entire SILC Library has to
- be made re-entrant. Own API is probably added for the threads support
- to make changes in the future as painless as possible. So the API
- would have things like silc_mutex_lock, silc_mutex_unlock and
- friends...
-
o X.509 certificate support. SILC protocol supports certificates and
it would be great to have support for them. This is a big task as
support has to be made for ASN.1 as well. I've looked into OpenSSL
to start writing one myself. Anyhow, the OpenSSL X.509 lib should
be checked.
+ Other package that should be checked is the NSS's X509 library.
+
o SSH2 public keys support. Maybe - not really needed but could be
nice as SSH is widely used all over the place. SILC Protocol
supports SSH2 public keys.