2 - Key revocation & distribution
4 - Notification of trust changes?
5 - Format of revocation certs
6 - Allow third parties to issue "I think key X is compromised" certs?
9 - Peer issuing millions of certificates
14 - Upgrade certificates
15 - Issue with new key but old timestamps?
16 - Crypto agility (public key algo, digest algo)
20 - Public fides servers a la PGP?
22 - Link fides keys/certs with other crypto ways?
23 - Standard cert for eg. linking fides key with SSH key?
24 - Or fides key/cert with X.509 cert?
25 - Or with plain identities like usernames, or email addresses, etc?
26 - Something like PGP uids?
28 - What to do when exact time is not known when generating certs?
29 - Use time from newest cert + 1 ms?
30 - Explicit relation to old certs?
32 - Keep obsoleted certs around, or is this a security risk?
34 - Delegate keys/certs?
36 - Standardise certificate format
38 - If text, how to handle special characters? Escape?
40 - One or more digests allowed?
41 - Include digest type?
42 - Standard way of indicating trust/notrust, allow/deny type certificates
43 - Be able to handle new certificate types in the future?
46 - Show it to cryptography@metzdowd.com
47 - Prepare for penis-shaped sound waves