From 1d1cb24d775fcb1e41988623d060b202f1a2f45e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 24 Apr 2006 06:18:08 +0000 Subject: [PATCH] merge with old todo file git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17194 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/hx509/TODO | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/lib/hx509/TODO b/lib/hx509/TODO index bc7cca48d..daa2234e4 100644 --- a/lib/hx509/TODO +++ b/lib/hx509/TODO @@ -2,14 +2,12 @@ $Id$ x501 name parsing - comparing + comparing (ldap canonlisation rules) DSA support DSA2 support -SHA2 support x509 policy mappings support -path validation crypto make signing alg depend on signer if not given @@ -18,6 +16,7 @@ tests nist tests name constrains policy mappings + http://csrc.nist.gov/pki/testing/x509paths.html building path using Subject/Issuer vs SubjKeyID vs AuthKeyID negative tests @@ -35,3 +34,12 @@ certificate request web server/client jabber server/client email + + +x509 issues: + + OtherName is left unspecified, but its used by other + specs. creating this hole where a application/CA can't specify + policy for SubjectAltName what covers whole space. For example, a + CA is trusted to provide authentication but not authorization. +
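Review bot: in the first hunk (@@ -2,14 +2,12 @@), the added line "comparing (ldap canonlisation rules)" misspells "canonicalisation". The same hunk also drops "SHA2 support" and "path validation" from the list, while the commit message only says "merge with old todo file", so the patch does not show whether those items are finished or were lost in the merge. A short note in the commit message saying which it is would help.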
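Review bot: in the second hunk (@@ -18,6 +16,7 @@), the URL http://csrc.nist.gov/pki/testing/x509paths.html is added after "policy mappings", the last sub-item under "nist tests", with no label. Placing it directly under "nist tests" or giving it a short label would make clear which entry it belongs to.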
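Review bot: in the last hunk (@@ -35,3 +34,12 @@), the new "x509 issues" paragraph is hard to parse: "its used" should be "it's used", "a application" should be "an application", and "policy for SubjectAltName what covers whole space" does not read as a sentence. One possible wording, if it matches the intent: "this creates a hole where an application/CA can't specify a policy for SubjectAltName that covers the whole space". The hunk also ends with an added empty line at the end of the file, which can be dropped.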