There are still a lot things to do in pyCA.
| Topic |
Status |
| Clean up the code and remove all special features to make it usable in a more common way. |
released (0.4.1) |
| Consequent use of the openssl.cnf throughout the whole package. |
released (0.4.1) |
| Make certificate enrollment process more comfortable to users, e.g. check parameters against openssl.cnf and give more detailed feedback about input errors. |
released (0.4.2) |
| Show clickable structure of openssl.cnf for downloading CA certificates and CRLs. |
released (0.4.2) |
| Documentation of configuration parameters |
released (0.4.3) |
| Script for generating of CA certificate hierarchies and initial CRLs |
released (0.4.5) |
| Speed up certificate loading by handling DER certificates |
released (0.4.5) |
| Documentation of all configuration parameters |
released (0.5.0) |
| Scripts ca-cycle-pub.py for cyclic CA tasks on the public server |
most done and released (0.5.0) |
| Update cnf-parsing to reflect the recent changes which were made in OpenSSL (complete rewrite). |
released (0.5.1) |
| Support for Microsoft Internet Explorer |
released (0.6.0) |
| Improve LDAP support. |
released (0.6.0) |
| Store initial master secrets in a database during registration process involving RA or user itself. Printing of registration info for postal shipment, automatic checking of initial master secret. |
to do |
| Scripts ca-cycle-priv.py for daily/hourly CA tasks on the system holding the private keys |
to do |
| English help texts. |
to do |
| Enrollment script server-enroll.py for server certificate requests. |
to do |
| Speed up access to bigger certificate databases by using the GDBM package for holding a copy of the certificate database |
to do |
| PKIX compliance (e.g. keyUsage etc.) |
to do |
| Flexible logging support for CGI-BINs |
to do |
| Documentation of the certification process |
to do |
| Script cert-renewal.py for certificate renewal requests |
to do |
| Script cert-revoke.py for certificate revocation requests |
to do |
| Instant certificate issueing (what some CAs call "Class 0") without admin interaction |
to do |
| Improving privacy of certified objects by implementing access control scheme to cert database (maybe just rely on LDAP bind) |
to do |
| Support for anonymized certificates for better privacy |
to do |
| Signing stored data and e-mails if possible (depends on further S/MIME support in OpenSSL) |
to do |
| Better localizing, multiple languages. |
to do |