Chris Schultz and Mark Thomas,

I started a new thread as the old one was getting too long and getting off subject.

Chris Schultz wrote -
<Don,
<I haven't really read this, yet, but my first impression is that it
<provides a lot of background that we have tried NOT to repeat on the
<Tomcat site. The world doesn't need "another TLS background page."
<As a beginning user, what would you think about having to be sent to
<other "background resources" before reading the Tomcat documentation?
<I'd prefer not to "re-write the wheel", if you know what I mean.

I had the same concerns as I started the write-up. The audience experienced in computer security and SSL/TLS would find this a distraction. However, as I dug into this, two other concerns related to the beginner came to the fore. First, there is a huge amount of technical information on these subjects spread over many papers and internet comments. Which and how much to read, and how to detect inaccurate information (yes, there is some of that out there), is quite difficult. Second, the information was (IMHO) too detailed or too shallow for what the beginner user of SSL for Tomcat would need. Consequently, as I wrote, leaning on my recent beginner experience, I came to the conclusion that something targeted for our particular situation was warranted.

How about this. The main SSL for Tomcat page just has a how-to-do-it part and a reference to a targeted SSL/TLS write-up similar to the first part of my write-up. As things stand now, the SSL/TLS Configuration How-To sends you off to a write-up on openssl and the Java keytool, which was not helpful to me at the beginner stage. The main page contains technical information on using a self-signed certificate, which IMHO just sows more confusion in the beginner's mind. Also, the sections 'SSL/TLS and Tomcat', 'Certificates' and 'General Tips on Running SSL' don't give enough information for the beginner and are not necessary for the experienced security person.

I agree that the world doesn't need another TLS background page. However, I think a background page targeted on the particular problem of setting up SSL/TLS for Tomcat would be of help to the beginner; at least it would be for me.

Don