Roadmap & Future Enhancements
The following features are considered low priority but may be valuable for future iterations.
Certificate & Revocation Handling
OCSP Nonce Validation
- Status: Nonce generation implemented, validation optional.
- Description: OCSP nonces are generated and included in requests, but validating the nonce in the response is optional. Stricter nonce checking could be added to prevent replay attacks.
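
A sketch of how stricter nonce checking could work, added here as an example and not the project's own code. The function names, the `strict` flag and the 32-byte bound (taken from RFC 8954) are assumptions, and the nonce extension value is assumed to have been extracted from the response by an OCSP parser already.

```python
import hmac
from enum import Enum
from typing import Optional


class NonceResult(Enum):
    MATCH = "match"          # response echoes the nonce we sent
    MISSING = "missing"      # responder omitted the nonce extension
    MISMATCH = "mismatch"    # nonce present but different: possible replay
    MALFORMED = "malformed"  # extension value is not a valid nonce


def unwrap_octet_string(der: bytes) -> Optional[bytes]:
    """Return the content of a short-form DER OCTET STRING, else None.

    Only lengths below 128 are handled, which covers the assumed bound.
    """
    if len(der) < 2 or der[0] != 0x04 or der[1] >= 0x80:
        return None
    if len(der) != 2 + der[1]:
        return None  # truncated value or trailing bytes
    return der[2:]


def check_nonce(sent: bytes, extn_value: Optional[bytes],
                max_len: int = 32) -> NonceResult:
    """Compare the nonce sent in the request with the response extension."""
    if extn_value is None:
        return NonceResult.MISSING
    got = unwrap_octet_string(extn_value)
    if got is None or not 1 <= len(got) <= max_len:
        return NonceResult.MALFORMED
    if hmac.compare_digest(sent, got):
        return NonceResult.MATCH
    return NonceResult.MISMATCH


def accept_response(result: NonceResult, strict: bool) -> bool:
    """Policy: a wrong or malformed nonce is always rejected.

    A missing nonce (responders serving pre-produced responses often omit
    it) is tolerated only in lenient mode.
    """
    if result is NonceResult.MATCH:
        return True
    if result is NonceResult.MISSING:
        return not strict
    return False
```

In lenient mode a response without a nonce should still be bounded by its thisUpdate/nextUpdate window, since the nonce is then no longer what limits replay.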
Performance
Certificate Freshness Check
- Description: Validate certificate validity dates (notBefore/notAfter) before attempting OCSP/CRL fetch. Skip revocation checks for clearly expired or not-yet-valid certs.
- Impact: Reduced unnecessary network calls.
Validation
Enhanced Error Codes
- Description: Add specific error codes for LTV-specific failures (e.g., OCSP_FETCH_FAILED, CRL_PARSE_ERROR) instead of generic NETWORK_ERROR.
- Impact: Better error diagnostics for debugging LTV issues.