* update the README
* special thanks to Jack Lloyd
* mac universal binary support?
* be sure to turn ALL .pro files (examples, everything) on release mode
* option to build qca with simultaneous debug and release, similar to qt?

* API documentation
  think about documenting the various providers (qcaprovider.h)
  Change Doxyfile config to capture whole API, and to generate Latex manual.

* beta3
  api:
    make keystoremanager work like irisnet netinterfacemanager
    cert/key mismatch error for cms (do we want this for TLS also?)
    get rid of SecureMessage::signature(), return the sig in read() ?
    map doesn't maintain DN order.  use a different container
    passive keystoreentry (and related issues)
    make sure there aren't any cases where a Foo::supportsBar()-style function
      reports true, but then when the object is created, it doesn't actually
      support the feature (because the wrong provider was used).
    why is Random returning unsigned?
  code:
    don't create qobjects during init (that means you, keystoremanager)
    functions that don't trip a scan should do so on the first try
    sasl: test it works correctly
    race condition(?): keystore id is bad by the time a KeyStore object is
      made. solution: if the id is invalid, queue up an unavailable() signal?
  other:
    link against our own lib (e.g. -L../../lib) before ALL other libs,
      including Qt's libs, since some distros put qca into qt's dir.

* beta4
  api:
    cert extensions
    OCSP ?
    random: either find a way to always provide good random numbers,
            or add an indicator as to whether the numbers can be
            trusted.
    tls extensions: hostname and ocsp stapling
  code:
    fix asker implementation, it is a disaster
    persistent properties
    dirwatch: thread safety
    dirwatch: test on all platforms
    qca-openssl: ca signing
    synchronizer should lazy-start the thread
    proper parenting of all objects
    qca-gnupg: ignore newlines from passphrase, to avoid advancing command-fd
  other:
    Update to latest Botan, and remake the botantools patch as appropriate
       - remove u32bit miller_rabin_test_iterations(u32bit bits, bool verify)
    ability to compile plugins in statically (check 'plugins' subdir)

* Considerations
  api:
    Q_DISABLE_COPY on some objects
    give all classes non-default ctors/dtors/copy/op=, and dpointers?
    add more "getters" to the library?
    don't forget to QCA_EXPORT everything
    it's possible we use QSecureArray in some unnecessary places
  other:
    add asserts
    standardize on count() vs size() when iterating?
    printf + latin1()/toLatin1() -> qPrintable() ? (in code/examples/docs/etc)
  alon:
    log facility, with log level and a print destination (maybe file property?)
      figure out overlap with "diagnosticText"
    convertToPublic should return a publickey rather than clone?
    property change notifications
    keybundle should be able to not have intermediates
    ability to complete cert chain from a pool of nonroots
    global provider config files
    forkfixup

* finish code for APIs:
  core: properties
  cert: rfc 2818 hostname validation
  publickey/cert cleanup
  securemessage
  tls
  sasl
  keystore: cleanup
  don't allow smart card providers to be used by default
  qca-openssl: we have email altname but not email DN?

* examples
  create example for BigInteger
  create example for OpenPGP
  create example for CMS
  fix SASL examples (client and server)

* Additional unit tests (using QTestLib):
  - OpenPGP
  - CMS
  - TLS ?
  - SASL ?
  - QPipe
  - FileWatch / DirWatch
  - Complete the pkits tests

* write plugin support
  qca-botan: implement
  qca-egads (or qca-egd): implement for Random support

* possibilities for the future:
  securemessage: algorithm selection for cms/pgp (and use SecurityLevel?)
  tls: SSL_get_client_CA_list
  tls: renegotiation
  Key wrapping - RFC3217 and RFC3394
  quoted-printable TextFilter
  keygen on smart cards
  keystore: symmetric keys, arbitrary app data
  cms: fine-grained control over smime attribs
  providers for:
    Mozilla NSS
    Windows CryptoAPI
    Linux kernel crypto support, if the userspace API ever gets sorted out
    Intel Performance Primatives library

