                       _             _ 
   _ __ ___   ___   __| |    ___ ___| |  
  | '_ ` _ \ / _ \ / _` |   / __/ __| |  
  | | | | | | (_) | (_| |   \__ \__ \ |  mod_ssl - Apache Interface to SSLeay  
  |_| |_| |_|\___/ \__,_|___|___/___/_|  http://www.engelschall.com/sw/mod_ssl/
                       |_____|         
  _____________________________________________________________________________


  Wishes
  ------

  The following is a list of wishes of any kind that the users or the
  author of mod_ssl want to see in future releases.

  *) Ralf S. Engelschall:

     ``I want to see "SSLSessionCache shm" which uses SysV IPC Shared Memory
     to store the inter-process session cache.''

     Status: I've already started to write a shared memory based
             hash module, but want to use the mm_alloc library from Charles Randall
             <crandall@matchlogic.com> which provides a shared memory based
             malloc(). Currently he is in contact with his company about
             releasing this library under a BSD-style license so it can be used
             by mod_ssl.

  *) Ralf S. Engelschall:

     ``We should provide configuration options for the new HTTPS part
       of mod_proxy. For instance the used ciphers or the certs, etc.''

     Status: As it looks, we get this feature for free in the next few weeks ;-)

  *) Lai Yiu Fai <ccyflai@ust.hk>:
 
     ``Has anyone thought about incorporating LDAP as the backend storage of
     certificate database for mod_ssl?  Right now, it uses SSLFakeBasicAuth to
     translate client certificate into a basic authorization header for
     authentication.  It would be rather clumsy and not easy to maintain.  It
     would be great if mod_ssl can follow Netscape Server in handling SSL
     client authentication:
     1) extract the client certificate subject
     2) match predefined attributes e.g. mail, cn, uid, ... from X.509 subject
     3) search against LDAP with these filters
     4) compare the certificate attribute with the matched DN
     5) if compare OK, authentication succeeds.''
    
     Possible LDAP libraries to use: 
     o The OpenLDAP Project [BEST]
       http://www.OpenLDAP.org/
     o The reference implementation LDAP 3.3:
       http://www.umich.edu/~dirsvcs/ldap/ldap.html 
     o Netscape Directory SDK 
       http://www.mozilla.org/directory/

     Ideas and hints can be taken from:
     o LDAP basic authentication module based on Norman Richards:
       http://www.cs.utexas.edu/users/orb/projects/mod_auth_ldap.c 

     Status: Good suggestion, but this has to be contributed by someone
             else, because the author has no experience with LDAP.
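
     The five steps of this wish, as an added sketch that is not mod_ssl code:
     the directory is an in-memory stand-in for an LDAP server, and the entries,
     the subject-to-attribute mapping and all function names are assumptions.
     Step 4 is read here as "every mapped certificate attribute must equal the
     matched entry's attribute".

```python
# Added illustration; DIRECTORY stands in for a real LDAP server.
import re

# Constructed sample entries (DN -> attributes).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {
        "uid": "alice", "cn": "Alice Chan", "mail": "alice@example.org"},
    "uid=bob,ou=people,dc=example,dc=org": {
        "uid": "bob", "cn": "Bob Lee", "mail": "bob@example.org"},
}
# Step 2: subject fields mapped to directory attributes (assumed mapping).
SUBJECT_TO_LDAP = {"CN": "cn", "emailAddress": "mail", "UID": "uid"}


def parse_subject(subject):
    """Step 1: split an OpenSSL one-line subject such as /C=HK/CN=Alice.
    Naive on purpose: values that themselves contain "/" are not handled."""
    pairs = [part.split("=", 1) for part in subject.split("/") if "=" in part]
    return {key: value for key, value in pairs}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a subject cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def build_filter(subject_fields):
    """Step 3: the filter string a real LDAP search would be given."""
    terms = ["(%s=%s)" % (SUBJECT_TO_LDAP[k], escape_filter_value(v))
             for k, v in sorted(subject_fields.items()) if k in SUBJECT_TO_LDAP]
    return "(&%s)" % "".join(terms) if terms else None


def search(subject_fields):
    """Stand-in for the LDAP search: case-insensitive equality on each attribute."""
    wanted = {SUBJECT_TO_LDAP[k]: v.lower()
              for k, v in subject_fields.items() if k in SUBJECT_TO_LDAP}
    return [dn for dn, attrs in DIRECTORY.items() if wanted and all(
        attrs.get(a, "").lower() == v for a, v in wanted.items())]


def authenticate(subject):
    """Steps 4-5: succeed only if exactly one entry matches every attribute."""
    matches = search(parse_subject(subject))
    return matches[0] if len(matches) == 1 else None
```

     A subject with no mapped attributes, or one that matches zero or several
     entries, is rejected rather than treated as a wildcard search.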

  *) Ralf S. Engelschall:
  
     ``It would be nice to have mod_status enhanced for displaying SSL
     information similar to what Stronghold provides. Including
     session cache information.''

     Status: Should not be too hard. The Scoreboard needs to be
             extended to allow mod_status to display the information.  When I
             find time this will be added in one of the next releases.

  *) Holger Reif <Holger.Reif@PrakInf.TU-Ilmenau.DE>:

     He suggests splitting out the SSLFakeBasicAuth functionality into a
     separate module because it's an additional stand-alone feature.  Here
     it's only important to find a protocol between the modules for the
     following things:
        - Sharing session context (because of individual cert-checks)
        - Renegotiation (because the client cert is required only
          for a particular directory)

     Status: Holger already started a little project about this at his
             University. Perhaps the result will be contributed to mod_ssl.

  *) Ralf S. Engelschall:

     ``I want an Apache+mod_ssl Test Suite. Perhaps via SSLeay's s_client or
     Perl's SSLeay interface?''

     Status: Will be done in the future but I currently don't know for 
             which release. At least I'll start using this locally for
             development.

  *) Ralf S. Engelschall:

     ``My personal major wish is a compact and easy to install package which
     aids in CA cert loading and especially Client Authentication setup.  The
     existing scripts I know of work but also should be assembled together
     into a user friendly package which can be optionally installed. The best
     start is the HTML and Perl stuff in the article from F.J.Hirsch under
     http://www.camb.opengroup.org/RI/www/prism/wwwj/. It would be nice to
     have a mixture of `apachectl' and the `ssleay' interactive mode.''
    
     Status: If anyone is interested in contributing or at least volunteers
             to clean up and integrate this stuff, I would be happy. If
             not, perhaps I'll write it myself, but this needs some time...

  *) Andrew Ford <andrew@icarus.demon.co.uk>:
  
     ``One way I had thought of for supporting pass-phrases more securely on
     machines that are exposed to the Internet was to start the web server
     from another system situated behind a firewall.  The public system might
     have to have a way of notifying the internal system that the web server
     should be started or restarted (or maybe the internal machine would
     monitor the public machine continuously).  A process on the internal
     machine could start the web server remotely using a combination of SSH
     and "expect" to send the pass-phrase.  In this way the pass-phrase is not
     stored on the public machine.  I've not actually implemented this --
     although I have used SSH and expect for inter-process communication
     through firewalls without operator intervention -- but I am thinking of
     something like this sort of setup for one of my clients.  Of course one
     could possibly extend mod_ssl so that the use of some sort of secure
     channel to a separate co-process (on another system) to obtain the pass
     phrase was built-in.  But if you are worried about a public server being
     compromised then you cannot really trust any configuration files stored
     on the public system and everything should probably be initiated from the
     more-secure, internal system.''

     Status: It's too much to implement this directly inside Apache+mod_ssl,
             so mod_ssl 2.1 provides at least a plug-in interface
             (`SSLPassPhraseDialog exec:/path/to/program') which can be used to
             connect an external program to mod_ssl which then provides the
             pass phrase. But it would be nice if someone now at least
             contributes such a program (perhaps a Perl script) which receives
             the pass phrase via SSH or other mechanism from a remote machine
             in a secure way.
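
     One shape such an `exec:' program could take, as an added sketch that is
     not part of mod_ssl. Assumptions: mod_ssl passes `servername:port' and the
     key type as two arguments and reads the pass phrase from stdout; the
     internal account `passphrase@keyhost.internal.example' is hypothetical and
     is restricted to a forced command that answers with one line.

```python
#!/usr/bin/env python3
# Added illustration of a helper for "SSLPassPhraseDialog exec:/path/to/program".
import re
import subprocess
import sys

KEY_HOST = "passphrase@keyhost.internal.example"  # hypothetical internal host
# First character must be alphanumeric so the value can never look like an
# ssh option; the character set contains no shell metacharacters.
VHOST_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}:[0-9]{1,5}$")
KEY_TYPES = {"RSA", "DSA"}                        # assumed second argument


def build_command(vhost, key_type):
    """Return the ssh argv, refusing anything but host:port plus a key type."""
    if not VHOST_RE.match(vhost) or key_type not in KEY_TYPES:
        raise ValueError("unexpected arguments")
    return ["ssh", "-T", "-o", "BatchMode=yes", "-o", "StrictHostKeyChecking=yes",
            "-o", "ConnectTimeout=10", KEY_HOST, vhost, key_type]


def clean_passphrase(raw):
    """Accept exactly one non-empty line, at most 1024 bytes, valid UTF-8."""
    lines = raw.splitlines()
    if len(lines) != 1 or not lines[0] or len(raw) > 1024:
        raise ValueError("malformed pass phrase reply")
    return lines[0].decode("utf-8")


def get_passphrase(vhost, key_type, run=subprocess.run):
    """Fetch the pass phrase; `run` is injectable so the flow is testable offline."""
    result = run(build_command(vhost, key_type), stdout=subprocess.PIPE,
                 stderr=subprocess.DEVNULL, timeout=30, check=True)
    return clean_passphrase(result.stdout)


def main(argv):
    try:
        phrase = get_passphrase(argv[1], argv[2])
    except (IndexError, ValueError, OSError, subprocess.SubprocessError):
        return 1  # print nothing, so the server never receives a partial answer
    sys.stdout.write(phrase + "\n")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

     The pass phrase is never written to disk on the public machine; BatchMode
     and strict host key checking make the helper fail closed instead of
     prompting or accepting an unknown key host.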

  *) Andrew Ford <andrew@icarus.demon.co.uk>:

     ``Another variant on this would be to allow 'SSLPassPhraseDialog fd1
     fd2', i.e. Apache/ssl_mod started with file descriptors fd1 and fd2 open
     (for reading and writing respectively) on a pipe to the external process.
     In this scenario the script that starts Apache (securely) would ensure
     that there was a pipe open that would provide the pass phrase (obviously
     these file descriptors should be closed when child server processes are
     started).  I think this would be my preferred option.''

     Status: This file descriptor passing is a nice idea but not very
             portable. But perhaps we can add it in the future...

  *) Ralf S. Engelschall:

     ``I want to see at least minimal support for Certificate Revocation Lists
     (CRLs). Netscape supports this minimally and so mod_ssl should support at
     least this. Perhaps a SSLRevocationListPath directive where CRLs stay?''

     Status: I've not thought about it in-depth up to now. 

  *) Holger Reif and Ralf S. Engelschall:
   
     ``And then, what about checking whether the SSL VHost
     is really an IP-based Host and refusing to work
     with a particular NameBased VHost with some meaningful
     warning?''

  *) Holger Reif and Ralf S. Engelschall:

     The gcache stuff from mod_ssl 2.0 was too buggy, but the idea itself
     (using an external program for the cache) _can_ be interesting for
     mod_ssl 2.2 when one thinks about webclusters and load balancing.
     Perhaps we can rewrite a more robust gcache with a more secure network
     protocol.

  *) Garrett Wollman <wollman@khavrinen.lcs.mit.edu>:
     
     > Does mod_ssl support the SSLv3 anonymous Diffie-Hellman mode
     > (available in ssleay 0.9.0b)?  For the application I'm building, all I
     > need is privacy, not authentication (which for compatibility reasons
     > will be provided using traditional passwords).

     No, mod_ssl (like Apache-SSL) only supports RSA-based cipher specs,
     because it currently only supports PEM-encoded X.509 certs with RSA keys
     and has no configuration option for DH-based certs. Hmmm... but
     anonymous-DH can be interesting, yes. I'll add it to my TODO list.
     Perhaps we can enable it in future versions. Should be mainly a matter of
     configuring the CipherSuite and skipping or not using the RSA stuff.
     Thanks for the suggestion.

  *) Ralf S. Engelschall:

     ``I want to see support for Diffie-Hellman key exchange in mod_ssl.
       Together with a NO_RSA/NO_IDEA built SSLeay, one could set up a
       patent-free server this way. Although Netscape and MSIE don't
       support this, it's still interesting for other Web clients which do.
       For instance: Lynx+SSL :-)''

