QUESTIONS related to authentication #678

@smithbk

I'm new to CFSSL and have some questions related to authentication. Thanks in advance.

  1. In cfssl/cli/serve/serve.go, I see the "authsign" endpoint ... which is the authenticated version of "sign". Is the plan to add an "auth" version of all/most other endpoints as well?

  2. I would like to add more endpoints and also add security to all existing endpoints as non-obtrusively to the existing serve.go code as possible. A public method to add a new endpoint would obviously be nice. But in order to add security to existing endpoints, it seems a middleware pattern (like express or sinatra) would work well. However, since each Handle method performs its own ioutil.ReadAll of the request body, it makes this pattern impossible, right? Could the code be changed to use gorilla/mux or something else express or sinatra-like to make this possible?

  3. The "newcert" endpoint returns a private key. I thought private keys should never flow over the network. Is this standard or recommended?

Thanks
