62 lines
1.3 KiB
Plaintext
62 lines
1.3 KiB
Plaintext
Handle private_key_ops better, esp wrt ->key_oid
|
|
|
|
Better support for keyex negotiation, DH and ECDH.
|
|
|
|
x501 name
|
|
parsing
|
|
comparing (ldap canonlisation rules)
|
|
|
|
DSA support
|
|
DSA2 support
|
|
|
|
Rewrite the pkcs11 code to support the following:
|
|
|
|
* Reset the pin on card change.
|
|
* Ref count the lock structure to make sure we have a
|
|
prompter when we need it.
|
|
* Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH
|
|
|
|
x509 policy mappings support
|
|
|
|
CRL delta support
|
|
|
|
Qualified statement
|
|
https://bugzilla.mozilla.org/show_bug.cgi?id=277797#c2
|
|
|
|
|
|
Signed Receipts
|
|
http://www.faqs.org/rfcs/rfc2634.html
|
|
chapter 2
|
|
|
|
tests
|
|
nist tests
|
|
name constrains
|
|
policy mappings
|
|
http://csrc.nist.gov/pki/testing/x509paths.html
|
|
|
|
building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
|
|
negative tests
|
|
all checksums
|
|
conditions/branches
|
|
|
|
pkcs7
|
|
handle pkcs7 support in CMS ?
|
|
|
|
certificate request
|
|
generate pkcs10 request
|
|
from existing cert
|
|
generate CRMF request
|
|
pk-init KDC/client
|
|
web server/client
|
|
jabber server/client
|
|
email
|
|
|
|
|
|
x509 issues:
|
|
|
|
OtherName is left unspecified, but it's used by other
|
|
specs. creating this hole where a application/CA can't specify
|
|
policy for SubjectAltName what covers whole space. For example, a
|
|
CA is trusted to provide authentication but not authorization.
|
|
|