* 2.2.0
  - New plugin qca-gpgme to replace current qca-gnupg. qca-gnupg requires
    a gpg binary, which can be any 1.4.x or 2.x. Their behaviour is
    different. gpg2 requires gpg-agent to ask user for passphrase. No
    correct way to check that key requires passphrase.

  - Add an interface for gnupg to handle keys (create and remove, maybe
    something else).

  - Add ECDSA support to qca-ossl plugin

-- Obsoletes
* 2.0.4
  handle mac universal builds for arches besides x86 and ppc (e.g. x86_64)
  use rpath?
  cms example: User.pem expired.  probably other certs need regen also?
  fix publickeyexample.  it encrypts with cms, decrypts with raw rsa??
  qcatool: instead of printing full usage at every wrong turn, we might try
    to print something closer to the context
  publickey: use_asker_fallback should use ErrorPassphrase
  cmssigner: convert path separators in field when loading a pkcs11 module
  cert: better makeFriendlyName diffing for key usage (consider OIDs) ?
  cert unit tests need to test wildcards!!
  consider a more readable implementation of qca_securelayer logic using the
    object-sessions concept (write the blog first :))
  vs2005: big_io.obj : warning LNK4221: no public symbols found; archive
    member will be inaccessible

* 2.1.0
  CertificateAuthority constructor provider argument should have default value
  CertificateAuthority::createCertificate declared but not implemented!
  CertificateCollection: ability to remove certs/crls?
  pull kwallet's SecureBuffer?

* possibilities for the future:
  abort if feature requested but not found, rather than crashing
  examples: bigint, pgp, tls with smartcards (reuse ssltest?), more?
  unittests: pgp enc/dec, cms, sasl, tls, filewatch/dirwatch
  complete pkits unittests
  don't expose windows.h in qpipe.h, find another way to get HANDLE
  cert: ability to get a list of all validation errors, rather than just one
  the securelayer system doesn't respond to the app if processed data yields
    no events (an example of this would be a partially-received encrypted
    payload).  since securelayer is async, an app could end up waiting for
    a response that is never going to come.  the current workaround is to wait
    some event cycles and then give up (see the saslclient example).  the fix
    is probably to make the securelayer system always respond to the app once
    data has been processed, whether or not the processing yields anything
    interesting yet.
  find a better way for a provider to automatically promote itself? (see
    qca-wingss)
  can we ever get SASL::NoAuthzid?
  make it possible to change GNUPGHOME and have qca-gnupg respect the change?
    see pgpunittest.
  why is Logger a QObject?
  it seems strange that Logger friends QCA::Global...
  operator==,!= for PGPKey?
  gss/kerberos interface?
  spnego?
  make sure it is possible to add new public key types (e.g. ECC).  right now
    it looks like qca_publickey is hard-coded sometimes (such as canVerify()
    returning true only for RSA and DSA public keys, no way to override this
    in a plugin...)
  if you store a typical self-signed cert into the system store as a way to
    trust it, does that make you vulnerable to the cert signing other certs?
  make distinction between invalid ca and ca not found
  make distinction between depth 0 self-signed and self-signed in chain
  use Q_PROPERTY on some things (e.g. TLS::compressionEnabled) ?
  signRequest should allow specifying the serial number
  qca-ossl: give credit to tim and "openssl" itself, not just eric?
  tls: should there be an explicit property for requesting a certificate in
    server mode?  right now qca-ossl simply always asks for a cert
  publickey: ability to compare keys without IO support
  provider: separate public and private keys into two classes to enable
    delegation easier.  the public part should not be implemented by most
    providers.
  provider: make it possible to support RSA and DSA keys without implementing
    a separate class for each.
  qcatool: streaming securemessage operations
  access to list of known cached certs, similar to how cmssigner works?
  securemessage: ability to know which key has performed a decrypt?
  emsa3Encode: implement in provider instead of qca?
  OCSP
  securelayer: ability to specify how much to read, rather than just read all
  tls ocsp stapling
  tls: pgp, psk auth ?
  internally managed intermediate object storage
  securemessage: algorithm selection for cms/pgp (and use SecurityLevel?)
  tls: renegotiation
  Key wrapping - RFC3217 and RFC3394
  quoted-printable TextFilter
  keygen on smart cards
  keystore: symmetric keys, arbitrary app data
  cert: any other fields we don't support but might be used out there
  cert: support for arbitrary extensions?
  cms: fine-grained control over smime attribs
  convertToPublic should return a publickey rather than change itself
  providers for:
    Mozilla NSS
    Windows CryptoAPI
    Linux kernel crypto support, if the userspace API ever gets sorted out
    Intel Performance Primitives library
    Botan: partly implemented
    EGD / EGADS: implement for Random support