2 - Implement CRL and OCSP parts of x509
3 - Implement permissions grant based on certificates
5 - manage upgrading packages
6 - use key facilities of kernel
7 - remove the link to the icon on failure or create it lately
8 - improves safety on power failure