From mboxrd@z Thu Jan 1 00:00:00 1970
From: Dave Eckhardt
To: 9fans@cse.psu.edu
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-ID: <2244.1140562457.1@piper.nectar.cs.cmu.edu>
Date: Tue, 21 Feb 2006 17:54:18 -0500
Message-ID: <2245.1140562458@piper.nectar.cs.cmu.edu>
Subject: [9fans] https/factotum question
Topicbox-Message-UUID: 04471552-ead1-11e9-9d60-3106f5b1d025

Feel free to correct me if I'm wrong, but I feel like I want to set up a SSL web server in such a way that only the web server itself can sign web pages. But it looks to me as if the closest I can come at present is for the factotum behind /srv/factotum to contain the RSA key tagged with "owner=none", which I think means that anybody who is "none", not just the one web server process and its descendants, can sign things.

I notice in httpd.c that some things are opened before becomenone()... would it make sense to somehow latch onto a "private" factotum at this point and then use it after becomenone()?

Dave Eckhardt