These are our TODO lists for other vendors to fix their products:

== Apple ==
 * Implement TLS-SNI

== Microsoft ==
 * SHA2 Implementation (see HashInterop)
 * Don't encode the Subject in UCS-2 as soon as a * is included in PKCS#10 certificate requests from IIS.
 * Implement TLS-SNI
 * Fix security issues from http://www.cs.dartmouth.edu/~sws/pubs/msz05.pdf
 * Solve the CodeSigning security hole for certificates without an ExtendedKeyUsage field (don't accept certificates for code signing that do not include the code signing bit)
 * Provide a proper error message when IE tries to download a certificate for which it has no private key.
 * Provide a proper error message when IE tries to download a certificate for which the root certificate isn't loaded.

== OpenSSL ==
 * Add -inform and -outform options to the ca command
 * The ca command delivers DER encoding with spkac requests and PEM encoding with PKCS#10 requests
 * Improve the standard config files so they no longer use MD5 by default
 * Improve the standard config files to use reasonable length keys
 * Perhaps incorporate OpenCA's OCSPD into the OpenSSL standard distribution
 * Write a manual

== Apache ==
 * Document Vhost capabilities
 * Implement TLS-SNI properly [[https://issues.apache.org/bugzilla/show_bug.cgi?id=34607|bug 34607]]
 * OCSP Stapling [[https://issues.apache.org/bugzilla/show_bug.cgi?id=43822|bug 43822]]
 * Provide a tool to easily secure the webspaces
 * Improve the configuration files to opportunistically secure the webpages with SSL
 * Find a solution to the redundancy problem of SSL+Non-SSL webspaces in the Apache configuration

== IETF ==
 * Clarify VhostTaskForce problems
 * Solve the CodeSigning security hole in RFC 3280 for certificates without an ExtendedKeyUsage field (don't accept certificates for code signing that do not include the code signing bit)

== Sun ==
 * Solve the CodeSigning security hole for certificates without an ExtendedKeyUsage field (don't accept certificates for code signing that do not include the code signing bit)
 * Fix the JavaCard platform issues

== Mozilla ==
 * Provide a message box telling the user that the certificate was loaded successfully when a user loads a certificate. At the moment, nothing happens.
 * Display generated private keys that don't have a certificate associated with them yet (like Opera does)
 * Implement TLS-SNI (done as far as I heard)
 * Fix the bug of showing code signatures made with personal code-signing certificates (that don't have an O= field) as unsigned

== Debian ==
 * Package BoxBackup: http://debian.myreseau.org/dists/etch/main/binary-i386/ (it's in backports now)

== LUKS / DM-CRYPT ==
 * Implement emergency wiping
 * Trigger emergency wiping on cooling or heating detection from mainboard temperature sensors
 * Trigger emergency wiping on case opening sensors
 * Trigger emergency wiping on /proc interface inputs from userspace

== Subversion ==
 * Implement a mechanism to automatically set the mimetypes of newly added files (.pdf -> application/pdf, ...) on the server (not on the clients; there are too many clients to get them under control)