diff --git a/src/test/test_config_token.py b/src/test/test_config_token.py
index c7ba1f8..bb5f72e 100644
--- a/src/test/test_config_token.py
+++ b/src/test/test_config_token.py
@@ -240,7 +240,9 @@ def test_our_config_token():
 
     my_config_token = my_response.get('configToken')
 
-    payload = jws.verify(my_config_token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256)  # error!
+    # todo: this "jws.verify" will fail, because we *sign* with "nv_si_private_key_pem" but *verify* with
+    # the certificate (which dont belong together)
+    payload = jws.verify(my_config_token, key=jwt_decode_key, algorithms=ALGORITHMS.RS256)
     payload = json.loads(payload)
     assert payload.get('iss') == 'NLS Service Instance'
     assert payload.get('aud') == 'NLS Licensed Client'
diff --git a/src/test/test_decrypt.py b/src/test/test_decrypt.py
index f707062..9d9c807 100644
--- a/src/test/test_decrypt.py
+++ b/src/test/test_decrypt.py
@@ -75,9 +75,12 @@ def test_b64_decode():
 
 
 def test_aes_encrypt():
+    # todo: rebuild DLS's "PublicKey.encrypt_aes()"
     pass
 
 def test_aes_decrypt():
+    # todo: rebuild DLS's "PrivateKey.decrypt_aes()"
+
     nv_private_key = load_pem_private_key(NV_SI_KEY_RSA.encode('utf-8'), password=None)
     assert 2048 == nv_private_key.key_size