Blocker for 1.0
===============

- After pyca/cryptography 21st release: Make is_signature_valid call mandatory in caucase.utils.load_crl .

- After pyca/cryptography later release (code not fixed yet): Enable CRL distribution point extension when it tolerates literal IPv6 in the URL.

Eventually
==========

- Become an OCSP responder (requires support in other libraries - likely pyca/cryptography).