diff options
author | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-01-31 17:22:45 +0100 |
---|---|---|
committer | Rasmus Dahlberg <rasmus@mullvad.net> | 2022-01-31 17:22:45 +0100 |
commit | 9f49af2ad70764510bb34322157209f56095260f (patch) | |
tree | d4fa9c1eb3ea1f4881398a99f27b59a022647905 /doc/design.md | |
parent | 7392f492702bd9921f803aeedd7827f4cbad9234 (diff) |
documented the decided domain hint proposal
Refer to doc/proposals/2022-01-domain-hint for details.
Diffstat (limited to 'doc/design.md')
-rw-r--r-- | doc/design.md | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/design.md b/doc/design.md index 439f8c5..85e0ea3 100644 --- a/doc/design.md +++ b/doc/design.md @@ -347,7 +347,13 @@ A signer's domain hint is not part of the logged leaf because key management is more complex than that. A separate project should focus on transparent key management. Our work is about transparent _key-usage_. -We are considering if additional anti-spam mechanisms should be supported. +A signer's domain hint must have the left-most label set to `_sigsum_v0` to +reduce the space of valid DNS TXT RRs that the log needs to permit queries for. +See further details in the + [proposal](https://git.sigsum.org/sigsum/tree/doc/proposals/2022-01-domain-hint) +that added this criteria. + +We are considering if additional anti-spam mechanisms should be supported in v1. #### 4.3 - What is the point of having a shard hint? Unlike TLS certificates which already have validity ranges, a checksum does not |