add support of card holder certificate

doc/HACKING

@@ -29,11 +29,10 @@ It would be good not to use malloc.
 Get it from FSFE.
 
 
-* [Partially DONE] Serial number
+* [Mostly DONE] Serial number
 
-Currently, aid[] in openpgp-do.c has serial number 00000001.
-It would be good to generate (random) number at compile time.
-Use same serial number for OpenPGPcard and USB serial number.
+The AID of the card contains serial number.  It should be unique.  USB
+serial number should be unique to identify different tokens, too.
 
 
 * Flash ROM recover from shutdown

doc/NOTES

@@ -4,15 +4,15 @@ USB communication
   * No command chaining, but extended APDU and extended Lc and Le.
     I think that this keep the code simple.
 
-  * Once, the value of dwMaxCCIDMessageLength was 64 and we supported
-    ICC block chaining, so that we could not handle multple Bulk
-    transactions.
+  * Once in the past (version <= 0.4), the value of
+    dwMaxCCIDMessageLength was 64 and we supported ICC block chaining,
+    so that we could not handle multple Bulk transactions.
 
   * Now, the value of dwMaxCCIDMessageLength is 320, that's the size
     of header of ICC block plus size of maximum APDU (by 64
-    granularity).  Still, some ccid implementation sends ICC block
-    using chaining (unfortunately), so we keep the code of ICC block
-    chaining.
+    granularity).  Still, some ccid implementation (ccid 1.3.11, for
+    example) sends ICC block using chaining unfortunately, so we keep
+    the code of ICC block chaining.
 
 
 OpenPGP card protocol implementation