mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.

I propose the following changes:

1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
2. The not so intuitive differences between 'MDMember' and 'MDMembers' will be solved by removing the 'MDMembers' directive. 'Auto' membership is now always the default mode and can no longer be changed globally. 'Manual' membership mode must be set explicitly for every MDGroup/ManagedDomain that shall behave like that.
3. 'MDStoreDir' will be renamed to 'MDStore' to leave room for future, non-file based storage methods.
4. 'MDCAChallenges' will be renamed to 'MDCertificateChallenge' to have the same prefix as other directives for the signup/renewal protocol
5. 'MDPrivateKeys' will be renamed to 'MDPrivateKey' as it was the last one that used a plural wording.

If no one objects, I will do the changes in the upcoming days.

Cheers,

Stefan

Re: mod_md and ManagedDomain

[Rich Bowen <rb...@rcbowen.com>]

On 12/04/2017 08:16 AM, Stefan Eissing wrote:
> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
>
> I propose the following changes:
>
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> 2. The not so intuitive differences between 'MDMember' and 'MDMembers' will be solved by removing the 'MDMembers' directive. 'Auto' membership is now always the default mode and can no longer be changed globally. 'Manual' membership mode must be set explicitly for every MDGroup/ManagedDomain that shall behave like that.
> 3. 'MDStoreDir' will be renamed to 'MDStore' to leave room for future, non-file based storage methods.
> 4. 'MDCAChallenges' will be renamed to 'MDCertificateChallenge' to have the same prefix as other directives for the signup/renewal protocol
> 5. 'MDPrivateKeys' will be renamed to 'MDPrivateKey' as it was the last one that used a plural wording.
>
> If no one objects, I will do the changes in the upcoming days.
>
> Cheers,
>
>

Sounds good to me.

Re: mod_md and ManagedDomain

[Jim Jagielski <ji...@jaguNET.com>]

+1!

> On Dec 4, 2017, at 8:16 AM, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
> 
> I propose the following changes:
> 
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> 2. The not so intuitive differences between 'MDMember' and 'MDMembers' will be solved by removing the 'MDMembers' directive. 'Auto' membership is now always the default mode and can no longer be changed globally. 'Manual' membership mode must be set explicitly for every MDGroup/ManagedDomain that shall behave like that.
> 3. 'MDStoreDir' will be renamed to 'MDStore' to leave room for future, non-file based storage methods.
> 4. 'MDCAChallenges' will be renamed to 'MDCertificateChallenge' to have the same prefix as other directives for the signup/renewal protocol
> 5. 'MDPrivateKeys' will be renamed to 'MDPrivateKey' as it was the last one that used a plural wording.
> 
> If no one objects, I will do the changes in the upcoming days.
> 
> Cheers,
> 
> Stefan

Re: mod_md and ManagedDomain

[Rich Bowen <rb...@rcbowen.com>]

On 12/05/2017 10:48 AM, Stefan Eissing wrote:
> Ok, so that something good comes out of all this: Rich just promised to sing at the next ApacheCon, right Rich?

If I did, I must have had too much scotch ...

> 
> "Keys", by ManagedDomainFormerlyCalledYouKnowWhat:
> 
> "You don't conf certificates
>   to turn me on,
>   I just give encryption, baby,
>   from dusk till dawn."

If you sing it with me, I'm there. :D

--Rich

>> Am 05.12.2017 um 15:09 schrieb Daniel <df...@gmail.com>:
>>
>> hahaha
>>
>> <MDRulesYourWorld>
>>
>> I understand it it may seem silly to discuss this or that name I think
>> it will be of great benefit to find a good name in the long run, to
>> make it easy to recognize and/or user support.
>>
>> 2017-12-05 15:06 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>> <MDYouLookBeautifulToday>?
>>>
>>>> Am 05.12.2017 um 15:03 schrieb Luca Toscano <to...@gmail.com>:
>>>>
>>>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use for SSLPolicy?
>>>>
>>>> Luca
>>>>
>>>> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>>> Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.
>>>>
>>>> -Stefan
>>>>
>>>>> Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
>>>>>
>>>>> Hi Stefan,
>>>>>
>>>>> 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>>>> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
>>>>>
>>>>> I propose the following changes:
>>>>>
>>>>> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>>>>>
>>>>> I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
>>>>>
>>>>> Luca
>>>>>
>>>>
>>>>
>>>
>>
>>
>>
>> -- 
>> Daniel Ferradal
>> IT Specialist
>>
>> email         dferradal at gmail.com
>> linkedin     es.linkedin.com/in/danielferradal
> 

Re: mod_md and ManagedDomain

[Daniel <df...@gmail.com>]

probably I don't stumble into #httpd enough :P . I'm ezra-s there btw.

2017-12-07 16:32 GMT+01:00 Eric Covener <co...@gmail.com>:
>> Perhaps a more schematic view will clear things up
>>
>> mod_md: generates certfiicates for domains
>> mod_ssl: Load certificates for domains. If mod_md is present and
>> manages a domain, mod_ssl is supposed to use mod_md ones instead of
>> those manually given through file paths.
>
> Think about people stumbling into #httpd though.



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

[Eric Covener <co...@gmail.com>]

> Perhaps a more schematic view will clear things up
>
> mod_md: generates certfiicates for domains
> mod_ssl: Load certificates for domains. If mod_md is present and
> manages a domain, mod_ssl is supposed to use mod_md ones instead of
> those manually given through file paths.

Think about people stumbling into #httpd though.

Re: mod_md and ManagedDomain

[Daniel <df...@gmail.com>]

2017-12-07 14:34 GMT+01:00 Steffen <in...@apachelounge.com>:
> I find the word Managed in ManagedDomain and MD in the other settings already confusing, are not easy recognized.
>
> In fact lots of settings are managing domain(s).
>
> What does mod_md manage ?

A basic understanding or reading of the mod_md page will tell you it
is to manage generation of certificates automatically. Certificates
are associated with CN Names and those with virtualhost names. I have
a hard time trying to understand what is difficult to understand about
what mod_md is.

Perhaps changing the main description a bit will make it more
understable? "Managing domains certificates across virtual hosts,
certificate provisioning via the ACME protocol" ?

>
> For me mod_md manages in the area of SSL(certificates automation).
>
> To be more easy to recognize, I propose to make SSL include in all the md settings.  In front or somewhere in the name, for example SSLManagedDomain, SSLMDMember or ManagedSSLDomain, MDSSLMember.
>
> Maybe we can consider to rename the module to SSL_MD and include the source in modules/ssl.
>

I've used mod_md a bit and what you describe looks on first sight
quite convoluted.

mod_md has a specific purpose to generate certificates for
specific/managed domains, but why mix directives with mod_ssl?

Perhaps a more schematic view will clear things up

mod_md: generates certfiicates for domains
mod_ssl: Load certificates for domains. If mod_md is present and
manages a domain, mod_ssl is supposed to use mod_md ones instead of
those manually given through file paths.


-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

[Luca Toscano <to...@gmail.com>]

My 2c :)

2017-12-07 16:32 GMT+01:00 Eric Covener <co...@gmail.com>:

> > Perhaps a more schematic view will clear things up
> >
> > mod_md: generates certfiicates for domains
> > mod_ssl: Load certificates for domains. If mod_md is present and
> > manages a domain, mod_ssl is supposed to use mod_md ones instead of
> > those manually given through file paths.
>
> Think about people stumbling into #httpd though.
>

I agree with Daniel, I like the fact that we have two modules to handle
separate things. One is about implementing the ACME protocol, the other one
is about managing TLS/SSL certificates and their options. There is some
overlapping of course but putting all together might end up in confusing
users even more.

2017-12-07 16:32 GMT+01:00 Eric Covener <co...@gmail.com>:

> On Thu, Dec 7, 2017 at 8:34 AM, Steffen <in...@apachelounge.com> wrote:
> > I find the word Managed in ManagedDomain and MD in the other settings
> already confusing, are not easy recognized.
> >
> > In fact lots of settings are managing domain(s).
> >
> > What does mod_md manage ?
> >
> > For me mod_md manages in the area of SSL(certificates automation).
> >
> > To be more easy to recognize, I propose to make SSL include in all the
> md settings.  In front or somewhere in the name, for example
> SSLManagedDomain, SSLMDMember or ManagedSSLDomain, MDSSLMember.
> >
> > Maybe we can consider to rename the module to SSL_MD and include the
> source in modules/ssl.
> >
>
> Not trying to pile on or bikeshed but I agree with this.
>

I like the generic naming, it might also be good if in the future its
functionalities will be extended to include any non specific ACME related
feature. First thing that comes up in my mind is the thread "directive to
reject non-configured hostnames w/o needing catch-all virtual hosts?".

Another thing that is not technical but more "marketing" related is that
there has already been a lot of chat over the news and socials about mod_md
(at least from what I've seen) and changing its name now (or migrating it
to another module) will surely confuse people (and potentially drive them
away).

Luca

Re: mod_md and ManagedDomain

[Eric Covener <co...@gmail.com>]

On Thu, Dec 7, 2017 at 8:34 AM, Steffen <in...@apachelounge.com> wrote:
> I find the word Managed in ManagedDomain and MD in the other settings already confusing, are not easy recognized.
>
> In fact lots of settings are managing domain(s).
>
> What does mod_md manage ?
>
> For me mod_md manages in the area of SSL(certificates automation).
>
> To be more easy to recognize, I propose to make SSL include in all the md settings.  In front or somewhere in the name, for example SSLManagedDomain, SSLMDMember or ManagedSSLDomain, MDSSLMember.
>
> Maybe we can consider to rename the module to SSL_MD and include the source in modules/ssl.
>

Not trying to pile on or bikeshed but I agree with this.

Re: mod_md and ManagedDomain

[Steffen <in...@apachelounge.com>]

I find the word Managed in ManagedDomain and MD in the other settings already confusing, are not easy recognized. 

In fact lots of settings are managing domain(s). 

What does mod_md manage ?

For me mod_md manages in the area of SSL(certificates automation).  

To be more easy to recognize, I propose to make SSL include in all the md settings.  In front or somewhere in the name, for example SSLManagedDomain, SSLMDMember or ManagedSSLDomain, MDSSLMember. 

Maybe we can consider to rename the module to SSL_MD and include the source in modules/ssl. 



Also note that now all settings begin with MD, except ManagedDomain, what is not logical. 

 

> Op 5 dec. 2017 om 16:48 heeft Stefan Eissing <st...@greenbytes.de> het volgende geschreven:
> 
> Ok, so that something good comes out of all this: Rich just promised to sing at the next ApacheCon, right Rich?
> 
> "Keys", by ManagedDomainFormerlyCalledYouKnowWhat:
> 
> "You don't conf certificates
> to turn me on,
> I just give encryption, baby,
> from dusk till dawn."
> 
> 
> Cheers,
> Stefan
> 
> 
>> Am 05.12.2017 um 15:09 schrieb Daniel <df...@gmail.com>:
>> 
>> hahaha
>> 
>> <MDRulesYourWorld>
>> 
>> I understand it it may seem silly to discuss this or that name I think
>> it will be of great benefit to find a good name in the long run, to
>> make it easy to recognize and/or user support.
>> 
>> 2017-12-05 15:06 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>> <MDYouLookBeautifulToday>?
>>> 
>>>> Am 05.12.2017 um 15:03 schrieb Luca Toscano <to...@gmail.com>:
>>>> 
>>>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use for SSLPolicy?
>>>> 
>>>> Luca
>>>> 
>>>> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>>> Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.
>>>> 
>>>> -Stefan
>>>> 
>>>>> Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
>>>>> 
>>>>> Hi Stefan,
>>>>> 
>>>>> 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>>>> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
>>>>> 
>>>>> I propose the following changes:
>>>>> 
>>>>> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>>>>> 
>>>>> I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
>>>>> 
>>>>> Luca
>>>>> 
>>>> 
>>>> 
>>> 
>> 
>> 
>> 
>> -- 
>> Daniel Ferradal
>> IT Specialist
>> 
>> email         dferradal at gmail.com
>> linkedin     es.linkedin.com/in/danielferradal
> 

Re: mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

Ok, so that something good comes out of all this: Rich just promised to sing at the next ApacheCon, right Rich?

"Keys", by ManagedDomainFormerlyCalledYouKnowWhat:

"You don't conf certificates
 to turn me on,
 I just give encryption, baby,
 from dusk till dawn."


Cheers,
Stefan


> Am 05.12.2017 um 15:09 schrieb Daniel <df...@gmail.com>:
> 
> hahaha
> 
> <MDRulesYourWorld>
> 
> I understand it it may seem silly to discuss this or that name I think
> it will be of great benefit to find a good name in the long run, to
> make it easy to recognize and/or user support.
> 
> 2017-12-05 15:06 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>> <MDYouLookBeautifulToday>?
>> 
>>> Am 05.12.2017 um 15:03 schrieb Luca Toscano <to...@gmail.com>:
>>> 
>>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use for SSLPolicy?
>>> 
>>> Luca
>>> 
>>> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>> Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.
>>> 
>>> -Stefan
>>> 
>>>> Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
>>>> 
>>>> Hi Stefan,
>>>> 
>>>> 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>>> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
>>>> 
>>>> I propose the following changes:
>>>> 
>>>> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>>>> 
>>>> I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
>>>> 
>>>> Luca
>>>> 
>>> 
>>> 
>> 
> 
> 
> 
> -- 
> Daniel Ferradal
> IT Specialist
> 
> email         dferradal at gmail.com
> linkedin     es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

[Daniel <df...@gmail.com>]

hahaha

<MDRulesYourWorld>

I understand it it may seem silly to discuss this or that name I think
it will be of great benefit to find a good name in the long run, to
make it easy to recognize and/or user support.

2017-12-05 15:06 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
> <MDYouLookBeautifulToday>?
>
>> Am 05.12.2017 um 15:03 schrieb Luca Toscano <to...@gmail.com>:
>>
>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use for SSLPolicy?
>>
>> Luca
>>
>> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>> Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.
>>
>> -Stefan
>>
>> > Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
>> >
>> > Hi Stefan,
>> >
>> > 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>> > Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
>> >
>> > I propose the following changes:
>> >
>> > 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>> >
>> > I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
>> >
>> > Luca
>> >
>>
>>
>



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

<MDYouLookBeautifulToday>?

> Am 05.12.2017 um 15:03 schrieb Luca Toscano <to...@gmail.com>:
> 
> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use for SSLPolicy? 
> 
> Luca
> 
> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
> Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.
> 
> -Stefan
> 
> > Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
> >
> > Hi Stefan,
> >
> > 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
> > Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
> >
> > I propose the following changes:
> >
> > 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> >
> > I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
> >
> > Luca
> >
> 
> 

Re: mod_md and ManagedDomain

[Rich Bowen <rb...@rcbowen.com>]

On 12/11/2017 05:08 AM, Stefan Eissing wrote:
> There are important questions on how we progress the design of the server. I
> have asked for participation and feedback on the design of ACME support in httpd
> since April. Shoulder clapping, "go ahead!", "fine!".
> 
> Answers to design questions: not really
> Requests for opinion about a "restart" feature: 0
> Code request for a Windows Service restart call: 0
> Request of a serf based implementation of the http client: 0
> Feedback from testing by the team: 0
> 
> Opinions about renaming parts/the whole thing just days before
> a possible release to users who want this: +7
> 
> You got to be kiddding me!

My apologies. I have no insight or skills in those other areas. My sole 
area of expertise is documentation and the users that use those 
documents. As I said before, please feel free to ignore my input and 
move on. Sorry I brought it up.

Re: mod_md and ManagedDomain

[Steffen <in...@apachelounge.com>]

Stefan wrote: /Code request for a Windows Service restart call: 0/

I started some time ago a discussion at: 
https://github.com/icing/mod_md/issues/17

There I want it as an option for Windows.

The discussion resulted in the MDNotifyCmd which makes me very happy, a 
script can now do the job and all the by users needed extra actions.

Not needed for me anymore and no priority now for Windows restart option 
as meant by Stefan in mod_md_os.c :

#ifdef WIN32
apr_status_t md_server_graceful(apr_pool_t *p, server_rec *s)
{
     return APR_ENOTIMPL;
}
  #else

On 11-12-2017 11:08, Stefan Eissing wrote:
>
> There are important questions on how we progress the design of the server. I
> have asked for participation and feedback on the design of ACME support in httpd
> since April. Shoulder clapping, "go ahead!", "fine!".
>
> Answers to design questions: not really
> Requests for opinion about a "restart" feature: 0
> Code request for a Windows Service restart call: 0
> Request of a serf based implementation of the http client: 0
> Feedback from testing by the team: 0
>
> Opinions about renaming parts/the whole thing just days before
> a possible release to users who want this: +7
>
> You got to be kiddding me!
>
> Cheers,
>
> Stefan
>
>
>
>
>
>

Re: mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

> Am 11.12.2017 um 11:08 schrieb Stefan Eissing <st...@greenbytes.de>:
> 
> 
>> Am 08.12.2017 um 19:35 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
>> 
>> On Tue, Dec 5, 2017 at 8:03 AM, Luca Toscano <to...@gmail.com> wrote:
>>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
>>> for SSLPolicy?
>> 
>> Just an observation, http://httpd.apache.org/docs/trunk/mod/quickreference.html
>> illustrated that we have no verbs in <Section > directive block
>> titles, thus far.
>> 
>> <ManagedDomain > or <MDPolicy > followed by ManagedDomainSet
>> or MDPolicyElect or something similar seems more in keeping with the
>> existing naming convention for directives. Bothers me when we overload
>> with yet one additional naming scheme, that would probably bother our
>> users more than confusing directive names.
> 
> There are important questions on how we progress the design of the server. I 
> have asked for participation and feedback on the design of ACME support in httpd
> since April. Shoulder clapping, "go ahead!", "fine!".
> 
> Answers to design questions: not really
> Requests for opinion about a "restart" feature: 0
> Code request for a Windows Service restart call: 0
> Request of a serf based implementation of the http client: 0
> Feedback from testing by the team: 0

Correction: Steffen and Luca have tested and given feedback.

> Opinions about renaming parts/the whole thing just days before
> a possible release to users who want this: +7
> 
> You got to be kiddding me!
> 
> Cheers,
> 
> Stefan
> 
> 
> 
> 
> 
> 

Re: mod_md and ManagedDomain

[Jim Jagielski <ji...@jaguNET.com>]

I am a SUPER +1 on the design, architecture, etc...

As far as the naming, it seems like a bikeshed to me...
JFDI ;)

> On Dec 11, 2017, at 5:08 AM, Stefan Eissing <st...@greenbytes.de> wrote:
> 
> 
>> Am 08.12.2017 um 19:35 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
>> 
>> On Tue, Dec 5, 2017 at 8:03 AM, Luca Toscano <to...@gmail.com> wrote:
>>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
>>> for SSLPolicy?
>> 
>> Just an observation, http://httpd.apache.org/docs/trunk/mod/quickreference.html
>> illustrated that we have no verbs in <Section > directive block
>> titles, thus far.
>> 
>> <ManagedDomain > or <MDPolicy > followed by ManagedDomainSet
>> or MDPolicyElect or something similar seems more in keeping with the
>> existing naming convention for directives. Bothers me when we overload
>> with yet one additional naming scheme, that would probably bother our
>> users more than confusing directive names.
> 
> There are important questions on how we progress the design of the server. I 
> have asked for participation and feedback on the design of ACME support in httpd
> since April. Shoulder clapping, "go ahead!", "fine!".
> 
> Answers to design questions: not really
> Requests for opinion about a "restart" feature: 0
> Code request for a Windows Service restart call: 0
> Request of a serf based implementation of the http client: 0
> Feedback from testing by the team: 0
> 
> Opinions about renaming parts/the whole thing just days before
> a possible release to users who want this: +7
> 
> You got to be kiddding me!
> 
> Cheers,
> 
> Stefan
> 
> 
> 
> 
> 
> 

Re: mod_md and ManagedDomain

[Luca Toscano <to...@gmail.com>]

Hi Stefan,

2017-12-11 11:08 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:

>
> > Am 08.12.2017 um 19:35 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
> >
> > On Tue, Dec 5, 2017 at 8:03 AM, Luca Toscano <to...@gmail.com>
> wrote:
> >> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to
> use
> >> for SSLPolicy?
> >
> > Just an observation, http://httpd.apache.org/docs/
> trunk/mod/quickreference.html
> > illustrated that we have no verbs in <Section > directive block
> > titles, thus far.
> >
> > <ManagedDomain > or <MDPolicy > followed by ManagedDomainSet
> > or MDPolicyElect or something similar seems more in keeping with the
> > existing naming convention for directives. Bothers me when we overload
> > with yet one additional naming scheme, that would probably bother our
> > users more than confusing directive names.
>
> There are important questions on how we progress the design of the server.
> I
> have asked for participation and feedback on the design of ACME support in
> httpd
> since April. Shoulder clapping, "go ahead!", "fine!".
>
> Answers to design questions: not really
> Requests for opinion about a "restart" feature: 0
> Code request for a Windows Service restart call: 0
> Request of a serf based implementation of the http client: 0
> Feedback from testing by the team: 0
>
> Opinions about renaming parts/the whole thing just days before
> a possible release to users who want this: +7
>
> You got to be kiddding me!
>

you are right but at the moment, since nobody have really different
opinions, the only thing that "blocks" the backport is the naming of the
ManagedDomain and <ManagedDomain> directives. As you suggested
s/ManagedDomain/MDGroup seems to be ok for most of us, the remaining one is
<ManagedDomain>. <MDGroupDefine> could be a solution, or any other similar
name.

Let's pick one, archive the thread and deliver a nice gift for the holiday
season to all the apache users :)

Thanks for the patience!

Luca

Re: mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

> Am 08.12.2017 um 19:35 schrieb William A Rowe Jr <wr...@rowe-clan.net>:
> 
> On Tue, Dec 5, 2017 at 8:03 AM, Luca Toscano <to...@gmail.com> wrote:
>> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
>> for SSLPolicy?
> 
> Just an observation, http://httpd.apache.org/docs/trunk/mod/quickreference.html
> illustrated that we have no verbs in <Section > directive block
> titles, thus far.
> 
> <ManagedDomain > or <MDPolicy > followed by ManagedDomainSet
> or MDPolicyElect or something similar seems more in keeping with the
> existing naming convention for directives. Bothers me when we overload
> with yet one additional naming scheme, that would probably bother our
> users more than confusing directive names.

There are important questions on how we progress the design of the server. I 
have asked for participation and feedback on the design of ACME support in httpd
since April. Shoulder clapping, "go ahead!", "fine!".

Answers to design questions: not really
Requests for opinion about a "restart" feature: 0
Code request for a Windows Service restart call: 0
Request of a serf based implementation of the http client: 0
Feedback from testing by the team: 0

Opinions about renaming parts/the whole thing just days before
a possible release to users who want this: +7

You got to be kiddding me!

Cheers,

Stefan

Re: mod_md and ManagedDomain

[William A Rowe Jr <wr...@rowe-clan.net>]

On Tue, Dec 5, 2017 at 8:03 AM, Luca Toscano <to...@gmail.com> wrote:
> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
> for SSLPolicy?

Just an observation, http://httpd.apache.org/docs/trunk/mod/quickreference.html
illustrated that we have no verbs in <Section > directive block
titles, thus far.

<ManagedDomain > or <MDPolicy > followed by ManagedDomainSet
or MDPolicyElect or something similar seems more in keeping with the
existing naming convention for directives. Bothers me when we overload
with yet one additional naming scheme, that would probably bother our
users more than confusing directive names.

Re: mod_md and ManagedDomain

[Daniel <df...@gmail.com>]

Just another idea:
or perhaps MDDomain, to easily identify it is to specify domains
managed by mod_md?



2017-12-05 15:03 GMT+01:00 Luca Toscano <to...@gmail.com>:
> Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
> for SSLPolicy?
>
> Luca
>
> 2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
>>
>> Totally agree with you. If you make a better proposal that avoids existing
>> overlaps, I might just pick it up.
>>
>> -Stefan
>>
>> > Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
>> >
>> > Hi Stefan,
>> >
>> > 2017-12-04 14:16 GMT+01:00 Stefan Eissing
>> > <st...@greenbytes.de>:
>> > Not much input regarding this naming change. Personally, I like to keep
>> > '<ManagedDomain' as is.
>> >
>> > I propose the following changes:
>> >
>> > 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>> >
>> > I personally find the renaming a bit confusing, since visually there is
>> > no affinity between <ManagedDomain> and MDGroup, but I liked the previous
>> > naming so I might be biased. If the majority thinks this is the way to go I
>> > am fine with it, just wanted to express my opinion :)
>> >
>> > Luca
>> >
>>
>



-- 
Daniel Ferradal
IT Specialist

email         dferradal at gmail.com
linkedin     es.linkedin.com/in/danielferradal

Re: mod_md and ManagedDomain

[Luca Toscano <to...@gmail.com>]

Maybe ManagedDomain and <ManagedDomainDefine>, as iiuc we are going to use
for SSLPolicy?

Luca

2017-12-05 14:47 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:

> Totally agree with you. If you make a better proposal that avoids existing
> overlaps, I might just pick it up.
>
> -Stefan
>
> > Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
> >
> > Hi Stefan,
> >
> > 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>
> :
> > Not much input regarding this naming change. Personally, I like to keep
> '<ManagedDomain' as is.
> >
> > I propose the following changes:
> >
> > 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> >
> > I personally find the renaming a bit confusing, since visually there is
> no affinity between <ManagedDomain> and MDGroup, but I liked the previous
> naming so I might be biased. If the majority thinks this is the way to go I
> am fine with it, just wanted to express my opinion :)
> >
> > Luca
> >
>
>

Re: mod_md and ManagedDomain

[Stefan Eissing <st...@greenbytes.de>]

Totally agree with you. If you make a better proposal that avoids existing overlaps, I might just pick it up.

-Stefan

> Am 05.12.2017 um 14:40 schrieb Luca Toscano <to...@gmail.com>:
> 
> Hi Stefan,
> 
> 2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:
> Not much input regarding this naming change. Personally, I like to keep '<ManagedDomain' as is.
> 
> I propose the following changes:
> 
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> 
> I personally find the renaming a bit confusing, since visually there is no affinity between <ManagedDomain> and MDGroup, but I liked the previous naming so I might be biased. If the majority thinks this is the way to go I am fine with it, just wanted to express my opinion :)
> 
> Luca 
> 

Re: mod_md and ManagedDomain

[Luca Toscano <to...@gmail.com>]

Hi Stefan,

2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:

> Not much input regarding this naming change. Personally, I like to keep
> '<ManagedDomain' as is.
>
> I propose the following changes:
>
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
>

I personally find the renaming a bit confusing, since visually there is no
affinity between <ManagedDomain> and MDGroup, but I liked the previous
naming so I might be biased. If the majority thinks this is the way to go I
am fine with it, just wanted to express my opinion :)

Luca

Re: mod_md and ManagedDomain

[Luca Toscano <to...@gmail.com>]

Restarting from this proposal to make a summary:

2017-12-04 14:16 GMT+01:00 Stefan Eissing <st...@greenbytes.de>:

> Not much input regarding this naming change. Personally, I like to keep
> '<ManagedDomain' as is.
>
> I propose the following changes:
>
> 1. The simple, single line 'ManagedDomain' will be renamed to 'MDGroup'
> 2. The not so intuitive differences between 'MDMember' and 'MDMembers'
> will be solved by removing the 'MDMembers' directive. 'Auto' membership is
> now always the default mode and can no longer be changed globally. 'Manual'
> membership mode must be set explicitly for every MDGroup/ManagedDomain that
> shall behave like that.
> 3. 'MDStoreDir' will be renamed to 'MDStore' to leave room for future,
> non-file based storage methods.
> 4. 'MDCAChallenges' will be renamed to 'MDCertificateChallenge' to have
> the same prefix as other directives for the signup/renewal protocol
> 5. 'MDPrivateKeys' will be renamed to 'MDPrivateKey' as it was the last
> one that used a plural wording.
>
> If no one objects, I will do the changes in the upcoming days.
>

So two things seem outstanding, if I got it correctly, reading from
multiple threads:

1) ManagedDomain vs <ManagedDomain>: the similarity between the two
directives may confuse users in the long term, so we should find a better
naming.
2) The mod_md name may not be evocative enough for what it does (also no
mention of TLS/SSL in its directive names, use a terminology like "domain"
that is too broad, etc..).

My personal view:

I like Stefan's idea to renamed ManagedDomain as MDGroup (so all the
directives of mod_md will have the MD prefix) but the remaining
<ManagedDomain> (that IIUC is not changed) should also be renamed to say
something like MDGroupDefine/MDGroupSandbox/MDGroupWhatever. We used the
"Define" suffix for the SSLPolicy vs <SSLPolicyDefine> use case, so it
might be a possibility to follow the same path with MDGroup /
<MDGroupDefine>.

At this point I would concentrate on gathering consensus on a solution for
point 1), and use our docs to solve point 2). I do believe that it is a bit
too late to start a rename for mod_md due to early adopters and
announcements made, plus the (generic) name might allow us to add
non-ACME-related features in the future.

My main concern is that months of work spent into this awesome module get
stuck for a long time due to naming debates (that are important but need to
come to a conclusion soon :).

Luca