* 2.2.0
- New plugin qca-gpgme to replace current qca-gnupg. qca-gnupg requires
  the gpg binary, which can be any 1.4.x or 2.x. Their behaviour is
  different. gpg2 requires gpg-agent to ask user for passphrase. No
  correct way to check that key requires passphrase.

- Add an interface for gnupg to handle keys (create and remove, maybe
  something else).

- Add ECDSA support to qca-ossl plugin

-- Obsoletes
* 2.0.4
  handle mac universal builds for arches besides x86 and ppc (e.g. x86_64)
  use rpath?
  cms example: User.pem expired.  probably other certs need regen also?
  fix publickeyexample.  it encrypts with cms, decrypts with raw rsa??
  qcatool: instead of printing full usage at every wrong turn, we might try
    to print something closer to the context
  publickey: use_asker_fallback should use ErrorPassphrase
  cmssigner: convert path separators in field when loading a pkcs11 module
  cert: better makeFriendlyName diffing for key usage (consider OIDs) ?
  cert unit tests need to test wildcards!!
  consider a more readable implementation of qca_securelayer logic using the
    object-sessions concept (write the blog first :))
  vs2005: big_io.obj : warning LNK4221: no public symbols found; archive
    member will be inaccessible

* 2.1.0
  CertificateAuthority constructor provider argument should have default value
  CertificateAuthority::createCertificate declared but not implemented!
  CertificateCollection: ability to remove certs/crls?
  pull kwallet's SecureBuffer?

* possibilities for the future:
  abort if feature requested but not found, rather than crashing
  examples: bigint, pgp, tls with smartcards (reuse ssltest?), more?
  unittests: pgp enc/dec, cms, sasl, tls, filewatch/dirwatch
  complete pkits unittests
  don't expose windows.h in qpipe.h, find another way to get HANDLE
  cert: ability to get a list of all validation errors, rather than just one
  the securelayer system doesn't respond to the app if processed data yields
    no events (an example of this would be a partially-received encrypted
    payload).  since securelayer is async, an app could end up waiting for
    a response that is never going to come.  the current workaround is to wait
    some event cycles and then give up (see the saslclient example).  the fix
    is probably to make the securelayer system always respond to the app once
    data has been processed, whether or not the processing yields anything
    interesting yet.
  find a better way for a provider to automatically promote itself?  (see
    qca-wingss)
  can we ever get SASL::NoAuthzid?
  make it possible to change GNUPGHOME and have qca-gnupg respect the change?
    see pgpunittest.
  why is Logger a QObject?
  it seems strange that Logger friends QCA::Global...
  operator==,!= for PGPKey?
  gss/kerberos interface?
  spnego?
  make sure it is possible to add new public key types (e.g. ECC).  right now
    it looks like qca_publickey is hard-coded sometimes (such as canVerify()
    returning true only for RSA and DSA public keys, no way to override this
    in a plugin...)
  if you store a typical self-signed cert into the system store as a way to
    trust it, does that make you vulnerable to the cert signing other certs?
  make distinction between invalid ca and ca not found
  make distinction between depth 0 self-signed and self-signed in chain
  use Q_PROPERTY on some things (e.g. TLS::compressionEnabled) ?
  signRequest should allow specifying the serial number
  qca-ossl: give credit to tim and "openssl" itself, not just eric?
  tls: should there be an explicit property for requesting a certificate in
    server mode?  right now qca-ossl simply always asks for a cert
  publickey: ability to compare keys without IO support
  provider: separate public and private keys into two classes to enable
    delegation easier.  the public part should not be implemented by most
    providers.
  provider: make it possible to support RSA and DSA keys without implementing
    a separate class for each.
  qcatool: streaming securemessage operations
  access to list of known cached certs, similar to how cmssigner works?
  securemessage: ability to know which key has performed a decrypt?
  emsa3Encode: implement in provider instead of qca?
  OCSP
  securelayer: ability to specify how much to read, rather than just read all
  tls ocsp stapling
  tls: pgp, psk auth ?
  internally managed intermediate object storage
  securemessage: algorithm selection for cms/pgp (and use SecurityLevel?)
  tls: renegotiation
  Key wrapping - RFC3217 and RFC3394
  quoted-printable TextFilter
  keygen on smart cards
  keystore: symmetric keys, arbitrary app data
  cert: any other fields we don't support but might be used out there
  cert: support for arbitrary extensions?
  cms: fine-grained control over smime attribs
  convertToPublic should return a publickey rather than change itself
  providers for:
    Mozilla NSS
    Windows CryptoAPI
    Linux kernel crypto support, if the userspace API ever gets sorted out
    Intel Performance Primitives library
    Botan: partly implemented
    EGD / EGADS: implement for Random support