X-Git-Url: https://tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=NEWS;h=f3e4e2373901832e7bcf57c6e575eec4e1a86c3b;hp=c8e3cd34a94daaf201a70816cba89891590940dc;hb=4310b17be9cefcc1814ddef471e4c5cd8f9f867e;hpb=16847ea255fa8a7c0ed922af80a2f36b7bdf4b3b;ds=inline diff --git a/NEWS b/NEWS index c8e3cd34..f3e4e237 100644 --- a/NEWS +++ b/NEWS @@ -1,15 +1,82 @@ version 1.0pre3 Oct 31 2000 - * New protocol - * Use public/private key cryptography (fixes security hole) - * Spanish translation of the program and the manual - * Use OpenSSL crypto library for all cryptography - * Support for multiple subnets per tinc daemon - * Support for universal tun/tap device - * No longer depends on GMP + +* The protocol has been redesigned, and although some details are + still under discussion, this is secure. Care has been taken to + resist most, if not all, attacks. + +* Unfortunately this protocol is not compatible with earlier versions, + nor are earlier versions compatible with this version. Because the + older protocol has huge security flaws, we feel that not + implementing backwards compatibility is justified. + +* Some data about the protocol: + + * It uses public/private RSA keys for authentication (this is the + actual fix for the security hole). + + * All cryptographic functions have been taken out of tinc, instead + it uses the OpenSSL library functions. + + * Offers support for multiple subnets per tinc daemon. + +* New is also the support for the universal tun/tap device. This + means better portability to FreeBSD and Solaris. + +* tinc is tested to compile on Solaris, Linux x86, Linux alpha. + +* tinc now uses the OpenSSL library for cryptographic operations. + More information on getting and installing OpenSSL is in the manual. + This also means that the GMP library is no longer required. + +* Further, thanks to Enrique Zanardi, we have Spanish messages; Matias + Carrasco provided us with a Spanish translation of the manual. + + +What still needs to be done before 1.0: + +* Documentation. Especially since the protocol has changed, and a lot + of configuration directives have been added. + + + version 1.0pre2 May 31 2000 - * Internationalized, Dutch translation available - * Many sanity checks on the meta protocol added + +* This version has been internationalized; and a Dutch translation has + been included. + +* Two configuration variables have been added: + * VpnMask - the IP network mask for the entire VPN, not just our + subnet (as given by MyVirtualIP). The Redhat and Debian packages + use this variable in their system startup scripts, but it is + ignored by tinc. + * Hostnames - if set to `yes', look up the names of IP addresses + trying to connect to us. Default set to `no', to prevent lockups + during lookups. + +* The system startup scripts for Debian and Redhat use + /etc/tinc/nets.boot to find out which networks need to be started + during system boot. + +* Fixes to prevent denial of service attacks by sending random data + after connecting (and even when the connection has been established), + either random garbage or just nonsensical protocol fields. + +* tinc will retry to connect upon startup, does not quit if it doesn't + work the first time. + +* Hosts that are disconnected implicitly if we lose a connection get + deleted from the internal list, to prevent hogging eachother with + add and delete requests when the connection is restored. + + +What still needs to be done before 1.0: + +* Documentation. +* Failover ConnectTo lines, try another one if the first doesn't work. + + + version 1.0pre1 May 12 2000 * New meta-protocol