> /etc/keys/{public,private} is a bit minimal, I think we really need to
> take enough time to address where to put CRLs, the CA bundle, and
> everything else that currently goes in /usr/share/ssl/* and
> /etc/httpd/conf/ssl.* in one shot at least, otherwise we'll spend a
> couple of release mucking users about by moving stuff around.
>
> /etc/keys is not the obvious choice of name to me - I'd prefer /etc/pki
> or /etc/ssl, unless anyone has plans to put anything other than X.509
> stuff in there?
if that's the case go with /etc/ssl over /etc/pki - if only b/c from the
sysadmins I know - most know what ssl is - not everyone knows what pki
is.
-sv
