 caf62477c9
			
		
	
	caf62477c9
	
	
	
		
			
			git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17418 ec53bebd-3082-4978-b11e-865c3cabbd6b
		
			
				
	
	
		
			56 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			56 lines
		
	
	
		
			1.1 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| $Id$
 | |
| 
 | |
| x501 name
 | |
| 	parsing
 | |
| 	comparing (ldap canonlisation rules)
 | |
| 
 | |
| DSA support
 | |
| DSA2 support
 | |
| 
 | |
| Rewrite the pkcs11 code to support the following:
 | |
| 
 | |
| 	* Keep as many sessions open to the card as long as possible.
 | |
| 	* Avoid trying to login to the card over and over.
 | |
| 	* Reset the pin on card change.
 | |
| 	* Ref count the lock structure to make sure we have a
 | |
|           prompter when we need it.
 | |
| 
 | |
| x509 policy mappings support
 | |
| 
 | |
| CRL delta support
 | |
| 
 | |
| crypto
 | |
| 	make signing alg depend on signer if not given
 | |
| 
 | |
| tests
 | |
| 	nist tests
 | |
| 		name constrains
 | |
| 		policy mappings
 | |
| 		http://csrc.nist.gov/pki/testing/x509paths.html
 | |
| 
 | |
| 	building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
 | |
| 	negative tests
 | |
| 		all checksums
 | |
| 		conditions/branches
 | |
| 
 | |
| pkcs7
 | |
| 	handle pkcs7 support in CMS ?
 | |
| 
 | |
| certificate request
 | |
| 	generate pkcs10 request
 | |
| 		from existing cert
 | |
| 	generate CRMF request
 | |
| 		pk-init KDC/client
 | |
| 		web server/client
 | |
| 		jabber server/client 
 | |
| 		email
 | |
| 
 | |
| 
 | |
| x509 issues:
 | |
| 
 | |
|  OtherName is left unspecified, but its used by other
 | |
|  specs. creating this hole where a application/CA can't specify
 | |
|  policy for SubjectAltName what covers whole space. For example, a
 | |
|  CA is trusted to provide authentication but not authorization.
 | |
| 
 |