From docs-return-10478-apmail-httpd-docs-archive=httpd.apache.org@httpd.apache.org Thu Apr 5 13:09:19 2012 Return-Path: X-Original-To: apmail-httpd-docs-archive@www.apache.org Delivered-To: apmail-httpd-docs-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 313C89FF1 for ; Thu, 5 Apr 2012 13:09:19 +0000 (UTC) Received: (qmail 26711 invoked by uid 500); 5 Apr 2012 13:09:19 -0000 Delivered-To: apmail-httpd-docs-archive@httpd.apache.org Received: (qmail 26666 invoked by uid 500); 5 Apr 2012 13:09:18 -0000 Mailing-List: contact docs-help@httpd.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: docs@httpd.apache.org List-Id: Delivered-To: mailing list docs@httpd.apache.org Received: (qmail 26656 invoked by uid 99); 5 Apr 2012 13:09:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Apr 2012 13:09:18 +0000 X-ASF-Spam-Status: No, hits=2.2 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (athena.apache.org: local policy) Received: from [209.85.161.173] (HELO mail-gx0-f173.google.com) (209.85.161.173) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 05 Apr 2012 13:09:12 +0000 Received: by ggnp2 with SMTP id p2so836394ggn.18 for ; Thu, 05 Apr 2012 06:08:51 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=from:mime-version:content-type:subject:date:in-reply-to:to :references:message-id:x-mailer:x-gm-message-state; bh=C1QkAsorZcuu9ZV8q1wyKQ3yiQTeK8oeHK8QnDMvQ8s=; b=ayZGx9TdY+Q4UM5DVfHbtKNFqYtkj/cTsBh723xcomYza9YO7fGg+3zyuCeIi18DUf 5OSUjOxbHsa/nLm248H/1+WG1GYCM+e954tL09d2PFCNGFGEH5/g6joM5PdI71ZsHePG 4h+R0fj+zoq8hYdQMjbTP5+JRqbMXO2MUVHSopE+Wez1sCKqidcjV5q3PjoDZSLwJqBR I5YGvrER/2b3kpN4+xGVhs1T5zGv+/4qBUi/sN4BsM4Z0jp+eCDg74F/4IoLjOneJ99U vYvWn7KT6Eaff1Yuxm4aN87eQLlvyah31TYalGykB+2WnfKpVUIoA6uFHtLXahaihnyG cU8Q== Received: by 10.50.46.138 with SMTP id v10mr1848174igm.18.1333631331198; Thu, 05 Apr 2012 06:08:51 -0700 (PDT) Received: from [192.168.200.198] (74-131-224-250.dhcp.insightbb.com. [74.131.224.250]) by mx.google.com with ESMTPS id df1sm7173285igb.12.2012.04.05.06.08.49 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 05 Apr 2012 06:08:50 -0700 (PDT) From: Rich Bowen Mime-Version: 1.0 (Apple Message framework v1257) Content-Type: multipart/alternative; boundary="Apple-Mail=_0E01D0C3-E2BF-435F-8CB8-D6E84DE0170B" Subject: Re: A review of SSL docs WAS Re: A proposal from Symantec for cleaning up the SSL-related documentation for Apache's HTTPD Date: Thu, 5 Apr 2012 09:08:49 -0400 In-Reply-To: <4F7CD750.6060604@primary.net> To: docs@httpd.apache.org References: <1450567A6AF759499DC553A921B86A2F293FB098BC@TUS1XCHEVSPIN36.SYMC.SYMANTEC.COM> <4F7CD750.6060604@primary.net> Message-Id: <876F253D-AE55-4D12-8598-B3BA5E3CBC4A@rcbowen.com> X-Mailer: Apple Mail (2.1257) X-Gm-Message-State: ALoCoQl93yshgpouOipMMJoZU0ykpuVtOpDIVZ5xS+6CmNMlTewzgrsYNYh5WHe1a/mB4BWq7KIC X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_0E01D0C3-E2BF-435F-8CB8-D6E84DE0170B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 On Apr 4, 2012, at 7:20 PM, Daniel Ruggeri wrote: > http://httpd.apache.org/docs/trunk/ssl/ssl_howto.html - The examples = are > still valid in today's world. I'm not sure if this particular doc is = the > place.... but having SSL proxy examples would also be helpful since = all > of those directives actually come from mod_ssl (and there are pointers > in the proxy doco to mod_ssl). Thoughts? Yes, that would be awesome. > http://httpd.apache.org/docs/trunk/ssl/ssl_intro.html - No rubbish = here. > I think this document is outstanding. Excellent. > http://httpd.apache.org/docs/trunk/ssl/ssl_compat.html - This document > may no longer be relevant. There have been so many changes since > creation that I think this doc could be scrapped or repurposed to > discuss integration issues only. Some examples would include notes = about > older browsers and supported levels of crypto, the emergence of = TLS1.1, > SNI and compatible browsers, OCSP, etc. I'm willing to take a whack at > it and will write a bug to make myself do it in the coming days if the > list agrees. >=20 > http://httpd.apache.org/docs/trunk/ssl/ssl_faq.html - Could use a > general refreshing... most of the content isn't bad, but it could = stand > to be reorganized. Does anyone else kind of feel like this kind of > document would be better served as a wiki article? I don't much care where the doc is, as long as everything is interlinked = so that someone doesn't have to go hunting for it. Having it in the doc, = rather than in the wiki, has the advantage that it's there on an = installed system and accessible without going out to the network. > By the way, great job on these docs. SSL is a tough topic and I think > there is more than enough content here to get someone going and keep > them going for a while. It reads like an expert wrote it for = fledgeling > server admin and I'm not sure I agree with a lot of the assertions = made > about the content recently. Those comments come entirely from my ignorance of the topic. My = apologies. -- Rich Bowen rbowen@rcbowen.com :: @rbowen rbowen@apache.org --Apple-Mail=_0E01D0C3-E2BF-435F-8CB8-D6E84DE0170B Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=windows-1252
http://http= d.apache.org/docs/trunk/ssl/ssl_howto.html - The examples = are
still valid in today's world. I'm not sure if this particular doc = is the
place.... but having SSL proxy examples would also be helpful = since all
of those directives actually come from mod_ssl (and there = are pointers
in the proxy doco to mod_ssl). = Thoughts?

Yes, that would be = awesome.

http://http= d.apache.org/docs/trunk/ssl/ssl_intro.html - No rubbish here.
I = think this document is = outstanding.

Excellent.
http://htt= pd.apache.org/docs/trunk/ssl/ssl_compat.html - This document
may = no longer be relevant. There have been so many changes since
creation = that I think this doc could be scrapped or repurposed to
discuss = integration issues only. Some examples would include notes = about
older browsers and supported levels of crypto, the emergence of = TLS1.1,
SNI and compatible browsers, OCSP, etc. I'm willing to take a = whack at
it and will write a bug to make myself do it in the coming = days if the
list agrees.

http://httpd.= apache.org/docs/trunk/ssl/ssl_faq.html - Could use a
general = refreshing... most of the content isn't bad, but it could stand
to be = reorganized. Does anyone else kind of feel like this kind of
document = would be better served as a wiki = article?

I don't much care = where the doc is, as long as everything is interlinked so that someone = doesn't have to go hunting for it. Having it in the doc, rather than in = the wiki, has the advantage that it's there on an installed system and = accessible without going out to the = network.

By the way, = great job on these docs. SSL is a tough topic and I think
there is = more than enough content here to get someone going and keep
them = going for a while. It reads like an expert wrote it for = fledgeling
server admin and I'm not sure I agree with a lot of the = assertions made
about the content = recently.

Those comments = come entirely from my ignorance of the topic. My = apologies.

--
Rich Bowen
rbowen@rcbowen.com :: = @rbowen
rbowen@apache.org





= --Apple-Mail=_0E01D0C3-E2BF-435F-8CB8-D6E84DE0170B--