$Id$ x501 name parsing comparing (ldap canonlisation rules) DSA support DSA2 support x509 policy mappings support CRL delta support crypto make signing alg depend on signer if not given tests nist tests name constrains policy mappings http://csrc.nist.gov/pki/testing/x509paths.html building path using Subject/Issuer vs SubjKeyID vs AuthKeyID negative tests all checksums conditions/branches pkcs7 handle pkcs7 support in CMS ? certificate request generate pkcs10 request from existing cert generate CRMF request pk-init KDC/client web server/client jabber server/client email x509 issues: OtherName is left unspecified, but its used by other specs. creating this hole where a application/CA can't specify policy for SubjectAltName what covers whole space. For example, a CA is trusted to provide authentication but not authorization.