• VendorsToDo

These are our TODO lists for other vendors to fix their products:

Apple

• implement TLS-SNI

Microsoft

• SHA2 Implementation (see HashInterop)

• Don´t encode the Subject in UCS-2 as soon as a * is included in PKCS#10 certificate requests from IIS.
• Implement TLS-SNI

• Fix security issues from http://www.cs.dartmouth.edu/~sws/pubs/msz05.pdf

• Solve the CodeSigning security hole for certificates without a ExtendedKeyUsage field (Don´t accept certificates for code-signing, that do not include the code signing bit)

• Provide a proper error message when IE tries to download a certificate for which it has no private key.
• Provide a proper error message when IE tries to download a certificate for which the root certificate isn´t loaded.

OpenSSL

• Add -inform and -outform option to ca command
• ca command delivers DER encoding with spkac request and PEM encoding with PKCS#10 requests
• Improve the standard config files not to use MD5 per default anymore#
• Improve the standard config files to use reasonable length keys
• Perhaps incorporate OpenCA's OCSPD into OpenSSL standard distribution
• Write a manual

Apache

• Document Vhost capabilities

• Implement TLS-SNI properly bug 34607

• OCSP Stapling bug 43822

• Provide a tool to easily secure the webspaces
• Improve the configuration files, to opportunistically secure the webpages with SSL
• Find a solution against the redundancy problem of SSL+Non-SSL webspaces in the Apache configuration

IETF

• Clarify VhostTaskForce problems

• Solve the CodeSigning security hole in RFC 3280 for certificates without a ExtendedKeyUsage field (Don´t accept certificates for code-signing, that do not include the code signing bit)

Sun

• Solve the CodeSigning security hole for certificates without a ExtendedKeyUsage field (Don´t accept certificates for code-signing, that do not include the code signing bit)

• Fix the JavaCard platform issues

Mozilla

• Provide a message box for the user and tell him that the certificate was loaded successfully, when a user loads the certificate. At the moment, nothing happens.
• Display generated private keys that don´t have a certificate associated with them yet (like Opera does)
• Implement TLS-SNI (done as far as I heard)
• Fix the bug of showing code-signatures personal codesiging certificates (that don't have a O= field) as unsigned

Debian

• Package BoxBackup: http://debian.myreseau.org/dists/etch/main/binary-i386/ (it's in backports now)

LUKS / DM-CRYPT

• Implement emergency wiping
• Trigger emergency wiping on cooling or heating detection from mainboard temperature sensors
• Trigger emergency wiping on case opening sensors
• Trigger emergency wiping on /proc interface inputs from userspace

Subversion

• Implement a mechanism to automatically set the mimetypes of newly added files (.pdf -> application/pdf , ...) on the server (not on the clients. There are too many clients to get them under control)