On Tue, 2005-04-19 at 23:21 +0100, Joe Orton wrote:
> /etc/keys/{public,private} is a bit minimal, I think we really need to
> take enough time to address where to put CRLs, the CA bundle, and
> everything else that currently goes in /usr/share/ssl/* and
> /etc/httpd/conf/ssl.* in one shot at least, otherwise we'll spend a
> couple of release mucking users about by moving stuff around.
Agreed! However, I wanted to make progress rather than thrash without
resolution, which has tended to be the history of this topic :-) I'm
afraid getting it "all correct" is a tall order and the issue of
breaking apps who are used to the /usr/share/ssl location has to be
taken into consideration. A gradual migration away from /usr/share/ssl
might be more practical, but like I said you make a valid point.
Any reason why CRL's and the CA bundle couldn't live there as well
(whatever the name is)?
> /etc/keys is not the obvious choice of name to me - I'd prefer /etc/pki
> or /etc/ssl, unless anyone has plans to put anything other than X.509
> stuff in there?
We kinda knew the name would be controversal. There was an expectation
that things other than X.509 could live there too, hence the generic
name, but a "rose is a rose" :-) whatever name folks are happy with.
--
John Dennis <jdennis@xxxxxxxxxx>
