> > A better place for the certificates would be somewhere under /etc. > > Longer term, I think we really want a more formal certificate management > system, with a defined interface for installing a certificate on the > system (or for a specific user), removing certificates, granting access > to certain certificates to particular daemons, creating a new CA, etc. > And most importantly, get every application to use it. Right now it's > just crazy with applications dropping certificates in any random place > with ad-hoc access controls, and applications not using the same > verification chains. > > A first step at this could be a utility like install-certificate that > just dropped certs into a well-defined directory in /etc. Sounds like the certificate stuff redhat bought from Netscape would fit the bill quite nicely when they finish all the various stuff required to release it. P
