netconf-wg / keystore

repo for draft-ietf-netconf-keystore

refactor keystore? #7

Closed kwatsen closed 5 years ago

kwatsen commented 6 years ago

Juergen writes:

I guess what I am looking for is a more radical split between X.509 stuff and SSH key stuff. The most radical split would be a module for X.509 keys and certs and another module for SSH host keys. Or alternatively, if there is really a strong reason to have all these different keys in one list, then define the list such that augmentations add X.509 stuff and SSH key stuff. I am not a fan of lists where the usage of leafs for different purposes is not clear.

kwatsen commented 6 years ago

Juergen writes later:

The question is whether there is value to centralize beyond the different key systems. Is there really added value to try to treat SSH keys and X.509 in the same list infrastructure or are they at the end just different things? What about other keys, i.e., for signing DNS zones or RPKI keys? Is it useful to try to put all of these keys that serve different purposes into a common structure? The open source people maintaining software packages seem to keep things separate. Is Junos having such a centralized asymmetric keystore? How about IOS XR? Others? If not, why would a standard do this?