* examples
  create example for BigInteger
  create example for OpenPGP
  create example for using TLS with smart cards (maybe reuse ssltest?)

* additional unit tests (using QTestLib):
  - OpenPGP - encryption/decryption
  - CMS
  - TLS ?
  - SASL ?
  - FileWatch / DirWatch
  - Complete the pkits tests

* write plugin support - most plugins need at least some work

* 2.0.1
  +keystore write support is broken, due to metatype stuff.  make sure all
     write types are correct, and that removal also works.
  +lazy-create the global logger, else we end up with QObject created before
     qapp in the standard case
  +unloadAllPlugins should also shutdown keystores beforehand
  +use deleteLater on QTimer and QSocketNotifier, to avoid qt 4.4 warning
  +qpipe.cpp: lines 771, 856.  warning: int result might be uninitialized.
  +qpipe.cpp: make sure the "(int)" casts handle overflow
  +installwin.bat should ensure %QTDIR% is set
  +installwin.bat should put quotes around paths to support spaces
  +dirwatch/filewatch: empty string means no monitoring. don't attempt to watch
     a blank filename
  +dirwatch/filewatch: connect() statement wrong
  +filewatch: track across create/delete
  +fix wildcard matching
  +on linux, the pkgconfig files for release/debug should be the same.  on
     mac, they should differ.
  +clean up plugin dtext, it's too verbose (mentioning same files over and
     over).  also, use QPluginLoader.errorString()
  +don't rescan just because we're using a default provider
  +plugin dtext: log feature names being checked for
  +tls/sasl: fix update bug (reported feb 20th)
  +qcatool2 should be version 2.0.x, just like plugins are
  +sasl examples should allow setting protocol name
  +completely clean sasl examples
  use deleteLater on any object that might emit from a metacall.  consider a
    way to de-metacall-ify internally so qca users aren't required to
    deleteLater on public api objects.  this is to work around a bug fixed
    in qt 4.3.5 and 4.4.0, so maybe we just wait for 4.3.5...

* 2.0.2
  cms example: User.pem expired.  probably other certs need regen also?
  fix publickeyexample.  it encrypts with cms, decrypts with raw rsa??
  qcatool: instead of printing full usage at every wrong turn, we might try
    to print something closer to the context
  publickey: use_asker_fallback should use ErrorPassphrase
  cmssigner: convert path separators in field when loading a pkcs11 module
  cert: better makeFriendlyName diffing for key usage (consider OIDs) ?
  cert unit tests need to test wildcards!!
  make sure all examples start with initializer then qapp
  consider a more readable implementation of qca_securelayer logic using the
    object-sessions concept (write the blog first :))

* 2.1.0
  CertificateAuthority constructor provider argument should have default value

* possibilities for the future:
  find a better way for a provider to automatically promote itself?  (see
    qca-wingss)
  can we ever get SASL::NoAuthzid?
  make it possible to change GNUPGHOME and have qca-gnupg respect the change?
    see pgpunittest.
  why is Logger a QObject?
  it seems strange that Logger friends QCA::Global...
  operator==,!= for PGPKey?
  gss/kerberos interface?
  spnego?
  make sure it is possible to add new public key types (e.g. ECC).  right now
    it looks like qca_publickey is hard-coded sometimes (such as canVerify()
    returning true only for RSA and DSA public keys, no way to override this
    in a plugin...)
  if you store a typical self-signed cert into the system store as a way to
    trust it, does that make you vulnerable to the cert signing other certs?
  make distinction between invalid ca and ca not found
  make distinction between depth 0 self-signed and self-signed in chain
  use Q_PROPERTY on some things (e.g. TLS::compressionEnabled) ?
  signRequest should allow specifying the serial number
  qca-ossl: give credit to tim and "openssl" itself, not just eric?
  tls: should there be an explicit property for requesting a certificate in
    server mode?  right now qca-ossl simply always asks for a cert
  publickey: ability to compare keys without IO support
  provider: separate public and private keys into two classes to enable
    delegation easier.  the public part should not be implemented by most
    providers.
  provider: make it possible to support RSA and DSA keys without implementing
    a separate class for each.
  qcatool: streaming securemessage operations
  access to list of known cached certs, similar to how cmssigner works?
  securemessage: ability to know which key has performed a decrypt?
  emsa3Encode: implement in provider instead of qca?
  OCSP
  securelayer: ability to specify how much to read, rather than just read all
  tls ocsp stapling
  tls: pgp, psk auth ?
  internally managed intermediate object storage
  securemessage: algorithm selection for cms/pgp (and use SecurityLevel?)
  tls: renegotiation
  Key wrapping - RFC3217 and RFC3394
  quoted-printable TextFilter
  keygen on smart cards
  keystore: symmetric keys, arbitrary app data
  cert: any other fields we don't support but might be used out there
  cert: support for arbitrary extensions?
  cms: fine-grained control over smime attribs
  convertToPublic should return a publickey rather than change itself
  providers for:
    Mozilla NSS
    Windows CryptoAPI
    Linux kernel crypto support, if the userspace API ever gets sorted out
    Intel Performance Primatives library
    Botan: partly implemented
    EGD / EGADS: implement for Random support