$Id$

x501 name
	parsing
	comparing

DSA support
DSA2 support
SHA2 support

x509 policy mappings support
path validation

crypto
	make signing alg depend on signer if not given

tests
	nist tests
		name constrains
		policy mappings

	building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
	negative tests
		all checksums
		conditions/branches

pkcs7
	handle pkcs7 support in CMS ?

pkcs10
	generate request
		pk-init KDC/client
		web server/client
		jabber server/client 
		email
		from existing cert