If you want to contribute (implement something from the current list, or
anything), contact the developer's mailing list (gnutls-dev@lists.gnupg.org),
in order to avoid having people working on the same thing.

Current list:
* Convert the current sexp stuff to the gcrypt ac API.
* Make the current ciphering code a bit more abstract to allow easy
  integration with TLS hardware.
* Make the session data (used for session resuming) platform independent.
* Allow adding multiple subject alternative names.
* Allow verifying of certificates on their reception.
* Verify added CRLs (is it really needed?)
* Document the format for the supported DN attributes.
* Audit the code
- Add gnutls_certificate_set_openpgp_keyring() function, similar to
  gnutls_certificate_set_openpgp_key().
- Use subkeys with the 0x20 flag in openpgp keys (if present), instead of
  the main key.
- Add function to extract the signers of an openpgp key. Should be similar
  to gnutls_x509_crt_get_dn_oid().
- Add function to verify an openpgp key against a plain key.
- Clean up name space of helper functions in library (memmem,
  firstElement, bit_mask, ...) for platforms where libtool's
  -export-symbols-regex doesn't work.
- Allow sending V2 Hello messages. It seems that some (old) broken
  implementations require that.
- Add Kerberos support
- Certificate chain validation improvements:
  - Implement "correct" DN comparison (instead of memcmp).
  - Support critical key usage KeyCertSign and cRLSign.
  - Support path length constraints.
  - RFC 3280 compliant certificate path validation.
- Add Pre-Shared-Key support.
- Add progress handler gnutls_{dh,rsa}_params_generate2, to allow
  application to give progress feedback to user.
- Support non-blocking gnutls_{dh,rsa}_params_generate2 for when there is
  not enough entropy available.
- Implement Datagram-TLS (DTLS).
- Short-cut the certificate verification algorithm before the root if a
  middle-CA is trusted.

(+) Means high priority
(*) Means medium priority
(-) Means low priority (i.e. nobody is interested in developing that)