diff --git a/README.md b/README.md
index 34f9ea0..24051d3 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,14 @@ Tool for producing identities
 
 Anagram of "Gorgon".
 
+## TODO
+
+ * Fix up the aegis generation script to ensure that I either have, or don't need, the extensions from Step CA:
+   * X509v3 Key Usage: critical
+   *  Certificate Sign, CRL Sign
+   * X509v3 Basic Constraints: critical
+   *  CA:TRUE, pathlen:1
+
 ## aegis-generate
 
 This generates an initial ID, known as an 'aegis'. It uses [step-ca](https://smallstep.com/docs/step-cli/the-step-command/) defaults which puts the data files in `$HOME/.step`.