RFE: explicit CRL and CA update on webpage (node update)
Projects
  - Batch Processor v2
  - nCipher
  - LunaCA3

Batch Processor v2
==================
        - export_key_pem
        - export_key_der
        - export_cert_pem
        - export_cert_der
        - export_key_cert_pem
        - export_key_cert_der
        - export_key_cert_pkcs12
        - export_key_cert_chain_pkcs12
    - escalation management
        - escalate_new_process
        - escalate_key
        - escalate_incomplete_csr
        - escalate_completed_csr
        - escalate_approved_csr
	- escalate_export
    - normal crr functions
        - create_crr
        - complete_crr
        - approve_crr
        - revoke_cert
        - issue_crl
        - export_crl
    - escalation management
        - escalate_cert_problem
        - escalate_incomplete_crr
        - escalate_completed_crr
        - escalate_approved_crr
        - escalate_export

General
=======
- new option: LDAP passphrase can be entered by user
- DBI should manage different wrong DBD driver names
- integrated backup mechanism
    - filesystem
        - var
        - etc
        - lib
        - htdocs
        - cgi-bin
    - database
- search forms for certificates and requests doesn't include the serial which is
  required
- import of long cachain during importCACert
- disable the subject alternative name in the frontend and in issueCert
- DSA Keygeneration failure
- DSA keys for LunaCA3 (and LunaSA)
- SCEP get other certs
- check subject during approveCSR* if the subject is not dynamic via serials
- automatic crontab based notification service for incoming CRRs and CSRs
- automatic crontab based notification service for expiring certs
- do we need a cronjob engine?
- add two fields per passphrase to avoid typos in long ones
- there is an old bug in OpenSSL which forgets the passphrase during conversion SSLeay <--> PKCS#8

Developers with CVS access
==========================
CVS Sign   |   Name
-------------------------------
Ashu       | ??? (still active?)
Bahaa      | Bahaaldin Naji Al-Amood
Chris      | Chris Covell
Dalini     | Ives Steglich     (SCEP authority)
Eto        | Alessandro Razeto (Debian authority)
Julio      | Julio Snchez Fernndez (still active?)
Madwolf    | Massimiliano Pala (OCSP authority)
Michael    | Michael Bell
Oliwel     | Oliwer Welter     (batch authority)
Robert     | Robert Joop (still active?)
------------------------------
planned:
------------------------------
Martin     | Martin Bartosch (SuSE authority)

=============================================================================

0.9.3
-----
- XML-based input and output of OpenCA
- XML-based configuration files
- multi-user and multi-role approval (e.g. one CA operator and two RA operators
  must approve a new CSR for a new CA operator before the request get the status
  APPROVED)
- check LDAP code with existing LDAP trees

=======================================================================

future
------
- split OpenCA::AC int AC and AC::CGI to allow a later integration of AC::Tk
- adding config parameter "HighRiskRole" to increment loglevels in alert case
- before sending email to all (CRIN mail and new users mail)
    - show a list with the recipients
    - add checkboxes to each recipient
    - add a checkbox or submit button for all recipients
    - add a button send mail
- a function to send a mail to all users (key compromise etc.)
- full OCSP integration
- pkcs#8 --> rsa --> rsa crypted (OpenSSL bug)
- modified infomail to users which has not the private key (basic_csr)
- protect CA-exports by signing
- warn defined roles if CRL will expire  (default 24h)
- Timestamping
- HW-Tests
