> Maybe limiting them to a path AND all the descendant paths? So that > /~user1/cgi/foo and /~user1/cgi/foo/bar are using the same cert by > default? Iirc this is the current recommendation, and I agree with your argument about multiuser hosts. Cheers, ew0k