diff --git a/cmd/authwrapper/setup.go b/cmd/authwrapper/setup.go
index 0116af0..96da471 100644
--- a/cmd/authwrapper/setup.go
+++ b/cmd/authwrapper/setup.go
@@ -170,6 +170,7 @@ func setupKeyring(config *Config) (agent.ExtendedAgent, error) {
 if config.SSHSigningServerURL != "" {
 var errors []error
+ // TODO: support fetching new certs when they expire
 for _, signer := range signers {
 userCert, err := fetchUserCert(config.SSHSigningServerURL, signer.Signer, config.Command, config.Args, config.RequestedPrincipals)
 if err != nil {
diff --git a/server/main.go b/server/main.go
index 1f2b4fa..8c732bd 100644
--- a/server/main.go
+++ b/server/main.go
@@ -59,6 +59,7 @@ type SigningServer struct {
 // NewSigningServer creates a new server
 func NewSigningServer(caKey ssh.Signer, allowedKeys []AllowedKey) *SigningServer {
 var allowedKeysMap = map[string]*AllowedKey{}
+
 for i, allowedKey := range allowedKeys {
 pubkeyString := strings.TrimSuffix(string(ssh.MarshalAuthorizedKey(allowedKey.Key)), "\n")
 allowedKeysMap[pubkeyString] = &allowedKeys[i]
diff --git a/sshagent/keyring.go b/sshagent/keyring.go
index 5c4dae3..81d9963 100644
--- a/sshagent/keyring.go
+++ b/sshagent/keyring.go
@@ -70,6 +70,8 @@ func (r *sshAlgorithmSignerKeyring) List() ([]*agent.Key, error) {
 // TODO: the go lang ssh cert implementation does not support forcing rsa-sha2-256-cert-v01@openssh.com or rsa-sha2-512-cert-v01@openssh.com
 // https://cvsweb.openbsd.org/src/usr.bin/ssh/PROTOCOL.certkeys?annotate=HEAD
 // To fix this we would need to replace the keyname in the certBlob with one of the names listed.
+ // This seems to be fixed in a newer go version, when this is merged:
+ // https://github.com/golang/go/issues/37278
 for _, certificate := range r.sshCertificates {
 keys = append(keys, &agent.Key{
 Format: certificate.Certificate.Type(),
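Review bot: The TODO added above the signer loop in setupKeyring names the gap but not its effect, which is what whoever picks it up needs: the user certificate is fetched in this loop at setup time and, as far as the hunk shows, never re-fetched, so a wrapper that outlives the certificate's validity window presumably keeps presenting an expired cert and remote authentication fails with no obvious local error. I'd make the comment actionable: `// TODO: support fetching new certs when they expire; the cert is fetched once here at setup, so check its ValidBefore before use and re-fetch when it is past.` Separately, `var errors []error` two lines above shadows the errors package for the rest of this scope, which blocks errors.Join/errors.Is there if the file imports it; `var fetchErrs []error` avoids that. setupKeyring's body continues outside the hunk.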
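Review bot: The new comment in List attributes the fix to "a newer go version", but the linked issue golang/go#37278 appears to be filed against golang.org/x/crypto/ssh (the ssh and agent packages this file already uses), so what unblocks this is a bump of that module dependency rather than a toolchain upgrade, and the comment should say so to spare the next reader a pointless upgrade. It is also worth stating why the limitation matters: if, as the TODO above describes, an RSA certificate cannot be offered under an rsa-sha2-*-cert name, it ends up signed with the SHA-1 based ssh-rsa algorithm, which OpenSSH 8.8 and later servers refuse by default. Suggested wording: `// Forcing rsa-sha2-*-cert names is tracked in golang/go#37278 (golang.org/x/crypto/ssh); once the x/crypto dependency includes that fix, drop the workaround note above. Until then RSA certs fall back to ssh-rsa (SHA-1), which recent OpenSSH servers reject by default.` List continues outside the hunk.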