# Issues/PRs

* #350
    * TODO(RLB): Make sure it bases CI, then merge
* #348
    * RLB concerned about ordering concerns here, since
      the signature public key to verify is from the tree
    * TODO(RLB): Add explanatory text to clarify that you
      MUST download the whole tree in order to process
      the Welcome, and how you verify a Welcome based on
       a tree
    * Once RR signs off on edits, will merge
* #219
    * RLB proposes that it might be better to punt this to
      the application level
    * TODO(SPT): Try to spur some more mailing list
      discussion
* #336
    * TODO(RLB): Pick mailing list thread back up, make
      progress on it
    * TODO(SPT): Make sure that this happens
* #337
    * Hoyland, Hale still working with the proofs, will
      follow up off-line
    * SPT: Two tracks - get the PR ready, get more crypto
      feedback
    * TODO(Brzuska): Follow up with Holland, Hale
    * TODO(Brzuska): Solicit feedback on CFRG (SPT to help)
* #349
    * Hale is concerned that a malicious insider could
      induce collisions in epoch ID, leading to
      authentication issues
    * RLB points out that epoch IDs are *already* collision
      prone
    * RR observes that DS is supposed to enforce ordering,
      so an attack here would require subverting that
      property
    * Discussion to continue on the list