Currently server.Stop() doesn't actually do anything. This doesn't matter in practice since the process will exit imminently, which will shut down the HTTP/HTTPS listeners, but we really should stop those listeners explicitly.

Currently crossSignCAHandler runs pem.Decode without checking the PEM block type; this should be fixed.

https://github.com/namecoin/dnssec-hsts-native/ has some example code for doing TLSA queries; it's based heavily on miekg's q example program.

When we call Do from qlib, we trigger this linter warning:

Function `Do->sigCheck->sectionCheck->getKey->Exchange->Dial` should pass the context parameter (contextcheck)

We should fix this. It may require patches to qlib.

It would be useful to have Cirrus tests for various TLS implementations to make sure they accept certificates given by Encaya.

• Windows CryptoAPI (presumably PowerShell will work fine like what we do in certinject)
• GNU/Linux Chromium
• macOS Chromium
• macOS Safari
• Android/Linux Chromium
• iOS Safari

We should support isolating the certificate caches (domainCertCache, negativeCertCache, and originalCertCache) based on stream isolation.

It would be helpful to support listening on non-IP socket types like HTTP over Unix domain sockets and HTTP over Windows named pipes (we currently only support HTTP over TCP and HTTP over TLS). This would facilitate better sandboxing via ACL's and AppArmor. It obviously wouldn't work for standard AIA use cases since no mainstream web browsers will do non-IP sockets, but ncp11 would be fine.

• HTTP over Unix domain sockets
• HTTP over Windows named pipes

We should support passing-through stream isolation data to the configured DNS resolver.

• ncdns dl link: https://www.namecoin.org/files/ncdns/ncdns-0.3.1/ncdns-0.3.1-x86_64-install-fb9d49.exe
• SHA256: ee279a011c56a2d49d558ad1a722d83e1a3f4f4bb7e8460b63dba6bd65cf7044

If a TLSA record contains a public key rather than a certificate, we should synthesize a certificate with name constraints set appropriately and return that. The generate_nmc_cert source code in ncdns's repo as well as the crosssignnameconstraint source code should be a pretty good guide to this.

We are still running into occasional issues where an AIA Parent certificate will be loaded from the CryptNet cache (as opposed to the network) on Windows even though the cached cert has expired. This causes cert validation to fail when revisiting a site that was previously visited some days/weeks ago. This doc insinuates that the cache keeps track of the following response headers:

• Last-Modified
• max-age in Cache-Control
• ETag

This means we might be able to fix this breakage by including those response headers in Encaya. (Right now, none of them are included by Encaya.)

The root CA cert's private key is more dangerous than the TLD CA's private key, because not all TLS implementations honor name constraints for root CA's. We should avoid ever writing the root CA private key to storage; instead we should export a root CA cert, a TLD CA cert, and a TLD CA private key.

It would be useful to support cross-signing in crossSignCAHandler with a signer key that's non-ECDSA (e.g. Ed25519).