Martin Ukrop

An older note says that suite B errors were not present in some version of the OpenSSL documentation. Investigate this and if it's the case, add them.

Specifically `OSCP_NO_REVOCATION_URL` and `OSCP_SERVER_NOT_AVAILABLE`. * Error codes are defined here: https://botan.randombit.net/doxygen/cert__status_8h_source.html * Error messages are defined here: https://botan.randombit.net/doxygen/cert__status_8cpp_source.html

Investigate certificate generation with certtool: It seems that in some scenarios/setting, a certificate of version 1 with extensions. If this is so, this is a bug (version 1 certificates do...

Investigate if the certificate with an excluded subtree name constraints error (corresponding to OpenSSL's `X509_V_ERR_EXCLUDED_VIOLATION`) passes or not in Botan validation.

The error messages for certificate validation errors (https://github.com/ARMmbed/mbedtls/blob/master/library/x509_crt.c#L1666) are not consistent in typography (sometimes they end in a dot, sometimes not).

Check why the `X509_V_ERR_KEYUSAGE_NO_CERTSIGN` is not thrown when validating certificates without `cert_signing_key`/`crl_signing_key` (certtool settings), see discussion in #49.

Make a research into how to categorize error severity. * Look into Mozilla's categorization of browser errors (overridable, non-overridable). * Think of objective measures of risk/severity. * Try to create...

Be transparent to which version of the documentation are we relating. * For now: Just indicate if it's master or a specific version. * Possible extensions: Selection box for different...

What changes are to be done in OpenSSL 3.0? Are any of them relevant to us?

Have descriptions/stories of the main use cases: * Who are we building the website for? * What will the people want to do there? These will help us adjust the...