--- /dev/null
+- Handle compromises
+ - Key revocation & distribution
+ - Recalculate trust
+ - Notification of trust changes?
+ - Format of revocation certs
+ - Allow third parties to issue "I think key X is compromised" certs?
+
+- Handle misuse
+ - Peer issuing millions of certificates
+
+- Handle renewal
+ - New keys
+ - Linked to old keys
+ - Upgrade certificates
+ - Issue with new key but old timestamps?
+ - Crypto agility (public key algo, digest algo)
+
+- Synchronisation
+
+- Public fides servers a la PGP?
+
+- Link fides keys/certs with other crypto ways?
+ - Standard cert for eg. linking fides key with SSH key?
+ - Or fides key/cert with X.509 cert?
+ - Or with plain identities like usernames, or email addresses, etc?
+ - Something like PGP uids?
+
+- What to do when exact time is not known when generating certs?
+ - Use time from newest cert + 1 ms?
+ - Explicit relation to old certs?
+
+- Keep obsoleted certs around, or is this a security risk?
+
+- Delegate keys/certs?
+
+- Standardise certificate format
+ - Binary vs. text?
+ - If text, how to handle special characters? Escape?
+ - Version number?
+ - One or more digests allowed?
+ - Include digest type?
+ - Standard way of indicating trust/notrust, allow/deny type certificates
+ - Be able to handle new certificate types in the future?
+ - IANA?
+
+- Show it to cryptography@metzdowd.com
+ - Prepare for penis-shaped sound waves
+
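Review bot: The two timestamp items, "Issue with new key but old timestamps?" under "Handle renewal" and "Use time from newest cert + 1 ms?" under the unknown-time entry, both let the issuer choose the time a certificate claims, and the list does not say how that interacts with "Key revocation & distribution" at the top. If timestamps can be backdated or synthesised, a timestamp alone cannot show whether a certificate was issued before or after its key was marked compromised. Consider stating "Explicit relation to old certs?" as the preferred direction and noting the dependency next to "Format of revocation certs". Two smaller points: the third-party "I think key X is compromised" item also belongs under "Handle misuse", since such claims can be flooded just like the "Peer issuing millions of certificates" case, and "Include digest type?" repeats the question already raised by "Crypto agility (public key algo, digest algo)", so one should reference the other. The sub-item under the cryptography@metzdowd.com entry would read better as a plain note to expect harsh review.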