documented the decided domain hint proposal

Refer to doc/proposals/2022-01-domain-hint for details.
author: Rasmus Dahlberg <rasmus@mullvad.net> 2022-01-31 17:22:45 +0100
committer: Rasmus Dahlberg <rasmus@mullvad.net> 2022-01-31 17:22:45 +0100
commit: 9f49af2ad70764510bb34322157209f56095260f (patch)
tree: d4fa9c1eb3ea1f4881398a99f27b59a022647905 /doc/design.md
parent: 7392f492702bd9921f803aeedd7827f4cbad9234 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/doc/design.md b/doc/design.md
index 439f8c5..85e0ea3 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -347,7 +347,13 @@ A signer's domain hint is not part of the logged leaf because key management is
 more complex than that.  A separate project should focus on transparent key
 management.  Our work is about transparent _key-usage_.
 
-We are considering if additional anti-spam mechanisms should be supported.
+A signer's domain hint must have the left-most label set to `_sigsum_v0` to
+reduce the space of valid DNS TXT RRs that the log needs to permit queries for.
+See further details in the
+	[proposal](https://git.sigsum.org/sigsum/tree/doc/proposals/2022-01-domain-hint)
+that added this criteria.
+
+We are considering if additional anti-spam mechanisms should be supported in v1.
 
 #### 4.3 - What is the point of having a shard hint?
 Unlike TLS certificates which already have validity ranges, a checksum does not
author	Rasmus Dahlberg <rasmus@mullvad.net>	2022-01-31 17:22:45 +0100
committer	Rasmus Dahlberg <rasmus@mullvad.net>	2022-01-31 17:22:45 +0100
commit	9f49af2ad70764510bb34322157209f56095260f (patch)
tree	d4fa9c1eb3ea1f4881398a99f27b59a022647905 /doc/design.md
parent	7392f492702bd9921f803aeedd7827f4cbad9234 (diff)