There seems to be an increasing number of proposed new IKE extensions after every IETF. We are, however, reluctant to incorporate them all as code bloat is a problem we should fight to maintain any kind of security. Something we definitely are going to add is IPv6 support, as we recently have started shipping OpenBSD with an IPsec-aware IPv6 stack. Other likely enhancements are support for PKCS#11 (an API to talk to cryptographic tokens, like smartcards, for authentication), challenge-response authentication for Phase 1 exchanges and PKIX compliance. A major short-term project is support for cryptographic hardware for RSA and Diffie-Hellman computation, since OpenBSD has began to support a cryptographic services framework in the kernel. Other minor projects involve integration with DNSSEC [10] infrastructure once we see further deployment and use, and ``New group mode'' support to dynamically negotiate new groups to compute DH secrets in. There are plans to support some new platforms, for example FreeS/WAN over PF_KEY and Solaris 8. There are other commercial Unices with IPsec stacks which we may port isakmpd to. Closer integration with the kernel and userland applications (possibly through the setsockopt(3)/getsockopt(3) API), and various projects involving policy discovery/negotiation (in particular, direct exchanging of KeyNote credentials) and automatic configuration are also part of our plans for future work.