docs: add todos

iso15118/secc/states/iso15118_2_states.py

@@ -874,6 +874,10 @@ async def process_message(
             # TODO Either an MO Root certificate or a V2G Root certificate
             #      could be used to verify, need to be flexible with regards
             #      to the PKI that is used.
+            # TODO GitHub#94: If root_cert is not present, we should
+            #      fall back to sending the leaf and sub-CA certificates,
+            #      allowing the CSMS to attempt to retrieve the root certificate
+            #      and construct the OCSP data itself.
             root_cert_path = self._mobility_operator_root_cert_path()
             root_cert = load_cert(root_cert_path)
             verify_certs(leaf_cert, sub_ca_certs, root_cert)

iso15118/shared/messages/enums.py

@@ -423,5 +423,5 @@ class Contactor(IntEnum):
 
 class AuthorizationTokenType(str, Enum):
     EMAID = "eMAID"
-    # TODO: Do we need to define this in a more complete way?
+    # TODO GitHub#95: Do we need to define this in a more complete way?
     EXTERNAL = "external"

iso15118/shared/security.py

@@ -1168,7 +1168,7 @@ def derive_certificate_hash_data(
     try:
         responder_url = get_ocsp_url_for_certificate(certificate)
     except (ExtensionNotFound, OCSPServerNotFoundError):
-        # TODO: This may just result in failure down the road.
+        # TODO GitHub#96: This may just result in failure down the road.
         # Should we let this fail on these exceptions, or is there
         # another way to try to get a responder_url?
         responder_url = "https://www.example.com/"