diff --git a/TODO b/TODO
index 507f63fe..abaf1647 100644
--- a/TODO
+++ b/TODO
@@ -1,106 +1,104 @@
 0.1
 ---
 
-compress/encrypt: review API crypto->nsscrypto + compress->zlibcompress and ABI
-                  current feels clumpsy and we can save memcpy around
-                  in case we don't encrypt/compress
-
-compress must happen before encrypt, should we compress all? what's
-the price for uncompress on already uncompressed buffer? do we need
-a bit to indicate if pckt is compressed or not?
-is it worth compressing pings? do they compress at all?
-
-config bits:
-- should crypto and compress be part of handle_new? or new api calls?
-  we won't allow runtime changes, so i don't think there is much
-  benefit to have it outside of knet_handle_net for now.
-  We maybe able to spare some duplication between knet_h and knet_cfg struct
+compress: should only compress user data, we will add a bit in the data
+          header to indicate if the pckt is compressed or not (save time).
+          this approach allow runtime change of compress.
+          open questions are: methods? level? zlib? lzo? bz? lzma? xz?
+                              how much do we save by compressin our header?
+                              custom compress callback_fn?
+
+cryto:    make api generic for different methods != nss to match compress
+          review API and config to make sure we save memcpy
+          also expand API to support dual key for rekey process.         
+
+compress must happen before encrypt
 
 link layer:
 
 we need a function to:
 void dst_cache_links_update(knet_host *host);
 that will order link_entries by priority/weight for RR.
 
 Look into link status changes notification (maybe a signal to a thread? or write to a pipe)
 
 * add priority/weight to link config struct
 
 ring:
 
 * support 8 listener per node.
 * index pointer list
 
 general:
 
 * what to log
   log to file: who logins, config changes and link status changes
   log to vty: cmd execution failure
 
 * consider splitting tests/* based on what they test (tap_test -> libtap/) ?
 
 vty:
 
 * split cmd_files
 * basic show info
 * fix check_param for ip/prefix/crypto
 
 0.2
 ---
 
 libtap:
 
 * add man pages
 * improve tests to cover thread safety and more error codes
 
 0.3
 ---
 
 * benchmark tests:
   - all critical paths in ring.c
 
 0.4
 ---
 
 general:
 
 * add statistics
 * add init script / spec file
 * v4/v6 (bindv6only check via cli)
 
 vty:
 
 * add optional options
 * sorting
 * tab completion on options
 
 0.5
 ---
 
 * pong count
 
 0.6
 ---
 
 * dynip
 
 0.7
 ---
 
 * review ring api for libknetring shared lib
 * review tap api for libknettap shared lib
 * review vty api for libknetvty shared lib
 
 1.0-pre
 -------
 
 tests:
 
 * coverity
 * unit test:
   - test all public APIs
   - write ad-doc tests for internal complex functions
   - not required to test return codes from external libs directly
     (we are not testing glibc)
   - test all code paths we write
   - no 0.9/1.0 release without max testing coverage for the core