TODO list for OpenSCEP ---------------------- - various checks before granting a certificate . transId matches request hash (done) . public key fingerprint (problem with Cisco bug [below]) . if the distinguished name has requested a certificate before, it should match the key - fingerprint computation seems to be wrong, or starting from different ideas Cisco's idea of the fingerprint Certificate Subject Name Contains: Name: cisco2.othello.ch Status: Pending Key Usage: General Purpose Fingerprint: 2213C845 EFB9E9B6 945D0618 0B5E0B0C 00000000 Request fingerprint as computed according to the SCEP specification 89D039AD FFA36FB6 DD6E9A23 67A8AAD7 This problem was sent to Cisco in the form of a bug report, but no reply has been received so far. - There seems to be quite a serious bug with IOS in that it does not honor the certificate revocation list. A bug report for this problem was sent to Cisco on march 14. - bad return from handler should result in a failure response, not crash partly done - check portability to linux and freebsd linux ok, at least it compiles - document directory hierarchy, utility programs - store the challenge password specified in the request as the user password if no password has been provided before. This will allow for an automatic but authenticated revoke by the owner of the certificate. -- $Id: TODO,v 1.8 2001/03/25 11:26:26 afm Exp $