TODO 3.71 KB
Eric Dorland committed
                                                              -*- outline -*-

* src/base64                                                  
** Make parsing more robust
   Currently we don't cope with overlong lines in the best way.
** Check that we really release the ksba reader/writer objects.

* sm/call-agent.c
** Some code should go into import.c
** When we allow concurrent service requests in gpgsm, we
   might want to have an agent context for each service request
   (i.e. Assuan context).

* sm/certchain.c
** Try to keep certificate references somewhere
  This will help with some of our caching code.  We also need to test
  that caching; in particular "regtp_ca_chainlen".

* sm/decrypt.c
** replace leading zero in integer hack by a cleaner solution

* sm/gpgsm.c
** Implement --default-key
** support the anyPolicy semantic
** Should we prefer nonRepudiation certs over plain signing certs?
   Also: Do we need a way to allow the selection of a qualSig cert
   over a plain one?  The background is that the Telesec cards have 3
   certs capable of signing all with the same subject name.

* sm/keydb.c
** Check file permissions
** Check that all error code mapping is done.
** Remove the inter-module dependencies between gpgsm and keybox
** Add a source_of_key field

* agent/
** If we detect that a private key has been deleted
   Bump the key event counter.

* agent/command.c
** Make sure that secure memory is used where appropriate

* agent/pkdecrypt.c, agent/pksign.c
** Support DSA

* Move pkcs-1 encoding into libgcrypt.

* Use a MAC to protect sensitive files.
  The problem here is that we need yet another key and it is unlikely
  that users are willing to remember that key too.  It is possible to
  do this with a smartcard, though.

* sm/export.c
** Return an error code or a status info per user ID.

* common/tlv.c
  The parse_sexp function should not go into this file.  Check whether
  we can change all S-expression handling code to make use of this
  function.

* scd
** Application context vs. reader slot
  We have 2 concurrent methods of tracking whether a reader is in use:
  Using the session_list in command.c and the lock_table in app.c.  It
  would be better to do this in just one place. First we need to see
  how we can support cards with multiple applications.
** Resolve fixme in do_sign of app-dinsig.
** Disconnect 
  Card timeout is currently used as a boolean.  
  Add disconnect support for the ccid driver.

* Regression tests
** Add a regression test to check the extkeyusage.

* Windows port (W32)
** Regex support is disabled
  We need to adjust the test to find the regex we have anyway in 
  gpg4win.  Is that regex compatible with the OpenPGP requirement?


* sm/
** check that we issue NO_SECKEY xxx if a -u key was not found
   We don't. The messages returned are also wrong (recipient vs. signer).

* g10/
** issue a NO_SECKEY xxxx if a -u key was not found.

* Extend selinux support to other modules
  See also http://etbe.coker.com.au/2008/06/06/se-linux-support-gpg/

* UTF-8 specific TODOs
  None.

* Manual
** Document all gpgsm options.
   

* Pinpad Reader
  We do not yet support P15 applications.  The trivial thing using
  ASCII characters will be easy to implement but the other cases need
  some more work.

* Bugs


* Howtos
** Migrate OpenPGP keys to another system

* Gpg-Agent Locale
  Although we pass LC_MESSAGE from gpgsm et al. to Pinentry, this has
  only an effect on the stock GTK strings (e.g. "OK") and not on any
  strings gpg-agent generates and passes to Pinentry.  This defeats
  our design goal to allow changing the locale without changing
  gpg-agent's default locale (e.g. by the command updatestartuptty).

* RFC 4387: Operational Protocols: Certificate Store Access via HTTP
  Do we support this?