From 7dcec92bf960a9bb0e870c54ab47749093f81944 Mon Sep 17 00:00:00 2001
From: Eli Ribble <eli@theribbles.org>
Date: Mon, 6 Nov 2023 11:19:42 -0700
Subject: [PATCH] Add TODO related to aegis cert.

---
 README.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 34f9ea0..24051d3 100644
--- a/README.md
+++ b/README.md
@@ -4,6 +4,14 @@ Tool for producing identities
 
 Anagram of "Gorgon".
 
+## TODO
+
+ * Fix up the aegis generation script to ensure that I either have, or don't need, the extensions from Step CA:
+   * X509v3 Key Usage: critical
+   *  Certificate Sign, CRL Sign
+   * X509v3 Basic Constraints: critical
+   *  CA:TRUE, pathlen:1
+
 ## aegis-generate
 
 This generates an initial ID, known as an 'aegis'. It uses [step-ca](https://smallstep.com/docs/step-cli/the-step-command/) defaults which puts the data files in `$HOME/.step`.