Note that there is a separate todo.html with different content than this.
soon - MUST:
+- blacklist DigiNotar/Comodo/Türktrust hacks/certs, possibly with Chrome's serial#
+ list?
+- check if wildcards from X.509 are handled as strictly as required by
+ the RFCs.
- audit if there are further untrusted data report_*() calls.
- Debian Bug #475239, MIME decoder may break up words (need to quote results)
- put bare IP addresses in brackets for SMTP (check if there are RFC
- CRYPTO: perhaps port to NSS? Check license and features and required procedure
changes. - Redhat Bugs #333741 (crypto consolidation), #346891 (port fetchmail to NSS)
- CRYPTO: make the SSL default v3 (rather than v23).
-- CRYPTO: remove sslfingerprint? too easily abused (see NEWS)
- CRYPTO: force sslcertck
- CRYPTO: by default forbid cleartext or other compromising password
schemes over insecure connections?
does it expect, what does it get instead, what does that mean, how can the
user fix it; references to the manual)
+- grarpamp suggested, on the fetchmail list in later April 2013, more
+ config file flexibility and explicitness, by marking polls, hosts,
+ accounts. See thread.
+
+- more selection options, Debian Bug#705291.
+
+- add a way to specify multiple fingerprints per host
+
+- add a way to specify non-MD5 fingerprints per host. SHA1 can be told
+ from its mere length; other digest algorithms would require some sort
+ of prefix. We may require the prefix for SHA1, too, for clarity.
DOCUMENTATION:
- Add info whether Keywords are global, server or user keywords