[BUG] it looks like the method for generating randomness in OpenSSL 
[006] influences some of the public-key encryptions (not sure if this is our
      bug or one in OpenSSL)

[BUG] if the time is not synchronized between name servers, then a
[005] certificate looks like it is expired; the code tries to deallocate
      some keys, and it crashes.

[BUG] when the latency test is run more than 100 times, the resolver crashes
[004] (this bug may be related to some missing memory deallocation)

[BUG] when the name servers are in different timezones, some errors seem to
[003] occur because the TTL of certificates looks to be expired


[BUG] when a resolver is trying to resolve a name, and has already initiated
[002] the resolving process. The resolver tries to send a query to the next
      name server in the chain, and the certificate for that name server has
      just expired, but the RR for that name server is still valid. 
      Basically, the TTL for the certificate is shorter that the TTL for the
      RR of a name server, and when the resolving process started, the
      resolver did not know the certificate for one of the name servers in
      the chain will expire in the middle of the resolving process.  In this
      case he resolver tries to send a root certificate request to that name
      server, even if it's not a root name server. This happens because at
      that point in the resolving process, the resolver does not have the IP
      address of the next name server in the chain.

[BUG] the DNS server crashes when it receives a fake certificate with
[001] wrong size