summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/lib/hx509/TODO
diff options
context:
space:
mode:
Diffstat (limited to 'third_party/heimdal/lib/hx509/TODO')
-rw-r--r--third_party/heimdal/lib/hx509/TODO61
1 files changed, 61 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/hx509/TODO b/third_party/heimdal/lib/hx509/TODO
new file mode 100644
index 0000000..ecdfa8d
--- /dev/null
+++ b/third_party/heimdal/lib/hx509/TODO
@@ -0,0 +1,61 @@
+Handle private_key_ops better, esp wrt ->key_oid
+
+Better support for keyex negotiation, DH and ECDH.
+
+x501 name
+ parsing
+ comparing (ldap canonlisation rules)
+
+DSA support
+DSA2 support
+
+Rewrite the pkcs11 code to support the following:
+
+ * Reset the pin on card change.
+ * Ref count the lock structure to make sure we have a
+ prompter when we need it.
+ * Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH
+
+x509 policy mappings support
+
+CRL delta support
+
+Qualified statement
+ https://bugzilla.mozilla.org/show_bug.cgi?id=277797#c2
+
+
+Signed Receipts
+ http://www.faqs.org/rfcs/rfc2634.html
+ chapter 2
+
+tests
+ nist tests
+ name constrains
+ policy mappings
+ http://csrc.nist.gov/pki/testing/x509paths.html
+
+ building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
+ negative tests
+ all checksums
+ conditions/branches
+
+pkcs7
+ handle pkcs7 support in CMS ?
+
+certificate request
+ generate pkcs10 request
+ from existing cert
+ generate CRMF request
+ pk-init KDC/client
+ web server/client
+ jabber server/client
+ email
+
+
+x509 issues:
+
+ OtherName is left unspecified, but it's used by other
+ specs. creating this hole where a application/CA can't specify
+ policy for SubjectAltName what covers whole space. For example, a
+ CA is trusted to provide authentication but not authorization.
+