Update to the original suggestions.
#1. $sslhash provides most of Item#1. I know it seems kinda silly to support md5 here, but as I mentioned in the original feature suggestion, Snoonet uses the md5 fingerprint. This is just an observation, as I don't use Snoonet, but I know people who do.
#5. I see we can now create RSA certs at 3 different lengths. It would be great if the new $sslhash has additional .prop to give additional info about the active cert:
* expiration date
* type and bit length
Since an RSA key can be created by OpenSSL, the bit length doesn't necessarily match one of the choices offered by mIRC.
#6. Related to avoiding being fingerprinted by an installed certificate being broadcast at all networks even if it's not being used for SASL at all networks. I had mentioned that anti-fingerprinting behavior is somewhat available in the /server -k switch, except that requires creating another certificate in order to broadcast a different fingerprint.
It would also be great if the anti fingerprinting behavior of /server -k could also be in a sockopen switch, as I've been informed that when I install an RSA cert into mIRC, that it's also being used for all /sockopen -e connections too.