On Tue, 2004-12-21 at 21:28 +0100, Enrico Scholz wrote: > A better place for the certificates would be somewhere under /etc. Longer term, I think we really want a more formal certificate management system, with a defined interface for installing a certificate on the system (or for a specific user), removing certificates, granting access to certain certificates to particular daemons, creating a new CA, etc. And most importantly, get every application to use it. Right now it's just crazy with applications dropping certificates in any random place with ad-hoc access controls, and applications not using the same verification chains. A first step at this could be a utility like install-certificate that just dropped certs into a well-defined directory in /etc.
