TODO


Handle private_key_ops better, esp wrt ->key_oid

Better support for keyex negotiation, DH and ECDH.

x501 name
	parsing
	comparing (ldap canonicalisation rules)

DSA support
DSA2 support

Rewrite the pkcs11 code to support the following:

	* Reset the pin on card change.
	* Ref count the lock structure to make sure we have a
          prompter when we need it.
	* Add support for CK_TOKEN_INFO.CKF_PROTECTED_AUTHENTICATION_PATH

x509 policy mappings support

CRL delta support

Qualified statement
	https://bugzilla.mozilla.org/show_bug.cgi?id=277797#c2


Signed Receipts
	http://www.faqs.org/rfcs/rfc2634.html
	chapter 2

tests
	nist tests
		name constraints
		policy mappings
		http://csrc.nist.gov/pki/testing/x509paths.html

	building path using Subject/Issuer vs SubjKeyID vs AuthKeyID
	negative tests
		all checksums
		conditions/branches

pkcs7
	handle pkcs7 support in CMS ?

certificate request
	generate pkcs10 request
		from existing cert
	generate CRMF request
		pk-init KDC/client
		web server/client
		jabber server/client 
		email


x509 issues:

 OtherName is left unspecified, but it's used by other
 specs, creating a hole where an application/CA can't specify
 a policy for SubjectAltName that covers the whole space. For example, a
 CA is trusted to provide authentication but not authorization.