Blocker for 1.0 =============== - After pyca/cryptography 21st release: Make is_signature_valid call mandatory in caucase.utils.load_crl . - After pyca/cryptography later release (code not fixed yet): Enable CRL distribution point extension when it tolerates literal IPv6 in the URL. Eventually ========== - Become an OCSP responder (requires support in other libraries - likely pyca/cryptography).