TODO list for OpenSCEP
----------------------

- various checks before granting a certificate
  . transId matches request hash (done)
  . public key fingerprint (problem with Cisco bug [below])
  . if the distinguished name has requested a certificate before, it
    should match the key

- fingerprint computation seems to be wrong, or starting from different ideas

    Cisco's idea of the fingerprint
	Certificate
	  Subject Name Contains:
	    Name: cisco2.othello.ch
	  Status: Pending
	  Key Usage: General Purpose
	    Fingerprint:  2213C845 EFB9E9B6 945D0618 0B5E0B0C 00000000

    Request fingerprint as computed according to the SCEP specification
                          89D039AD FFA36FB6 DD6E9A23 67A8AAD7

  This problem was sent to Cisco in the form of a bug report, but no
  reply has been received so far.

- There seems to be quite a serious bug with IOS in that it does not
  honor the certificate revocation list. A bug report for this problem
  was sent to Cisco on march 14.

- bad return from handler should result in a failure response, not crash
 	partly done

- check portability to linux and freebsd
	linux ok, at least it compiles

- document directory hierarchy, utility programs

- store the challenge password specified in the request as the user password
  if no password has been provided before. This will allow for an automatic
  but authenticated revoke by the owner of the certificate.

--
$Id: TODO,v 1.8 2001/03/25 11:26:26 afm Exp $