Planning for first stable release? #6

Open
hafkenscheid opened this issue May 27, 2020 · 1 comment
Labels
question Further information is requested

Comments

@hafkenscheid

Hi there,
I am curious if you have a plan for releasing the first stable version.
Maybe you need some help?

@madwizard-thomas
Collaborator

Hi,
There is no real strict planning but I'm aiming for July. The basic verification of keys is already functional and I actually use the library in production already. The main reasons there is not a stable version yet are:

  • The API interface needs to be stabilized; use of interfaces is not always consistent and I may refactor some namespaces around to make things more logical.
  • Parsing and validation of all attestation types is complete but verification against trust anchors, specific policies (e.g. allow None or Self, require MDS) is still a work in progress.
  • Support for the metadata service (MDS) is a work in progress. Even though in its current state MDS is pretty much useless, it would be nice to support it.
  • I'd like to pass the FIDO conformance tests. I've passed these tests 100% in some test versions but that code needs to be refactored into something more structured.
  • Certificate revocation checks (CRL) are difficult in PHP. The only implementation I know of is phpseclib but it doesn't support EC CRL signatures. It seems version 3 does but that is not stable yet; I'm hoping that will happen soon. I have tried parsing CRLs myself, which is doable, although it is very slow with large CRLs. The conformance tests require CRLs to pass the tests. In practice I think the MDS data in itself would be sufficient since it allows explicitly marking compromised keys anyway.
  • A builder or similar pattern needs to be figured out to set up the server object. This is a bit complex to do manually.

It's difficult to pinpoint a specific point to help with since it's all related, but if I think of something I'll create some separate issues for it.
More test coverage is also something that is always welcome or any issues that may pop up from code review.

@madwizard-thomas madwizard-thomas added the question Further information is requested label Sep 24, 2020