author Rasmus Dahlberg <rasmus@mullvad.net> 2022-01-31 17:22:45 +0100
committer Rasmus Dahlberg <rasmus@mullvad.net> 2022-01-31 17:22:45 +0100
commit 9f49af2ad70764510bb34322157209f56095260f
tree d4fa9c1eb3ea1f4881398a99f27b59a022647905 /doc
parent 7392f492702bd9921f803aeedd7827f4cbad9234
documented the decided domain hint proposal
Refer to doc/proposals/2022-01-domain-hint for details.
Diffstat (limited to 'doc')
-rw-r--r-- doc/api.md 5
-rw-r--r-- doc/design.md 8
2 files changed, 10 insertions, 3 deletions
diff --git a/doc/api.md b/doc/api.md
index 172ea4f..abe93b1 100644
--- a/doc/api.md
+++ b/doc/api.md
@@ -325,7 +325,8 @@ Input:
above signature. The key is encoded as defined in [RFC 8032, section 5.1.2](https://tools.ietf.org/html/rfc8032#section-5.1.2),
then hex-encoded.
- `domain_hint`: domain name indicating where `tree_leaf.key_hash` can be found
- as a DNS TXT resource record with hex-encoding.
+ as a DNS TXT resource record with hex-encoding. The left-most label must be
+ set to `_sigsum_v0`.
Output on success:
- None
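Review bot: The added sentence on `domain_hint` requires the left-most label to be `_sigsum_v0` but does not say how the log compares it or what a submitter gets back when the label is missing. DNS names are case-insensitive, so state whether a hint such as `_SIGSUM_V0.example.com` is accepted, and describe the failure case, since the only output listed in this hunk is "Output on success: None". If a general error section elsewhere in api.md already covers this, a cross-reference from this bullet would be enough.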
@@ -344,7 +345,7 @@ $ echo "shard_hint=1633039200
checksum=315f5bdb76d078c43b8ac0064e4a0164612b1fce77c869345bfc94c75894edd3
signature=0b849ed46b71b550d47ae320a8a37401129d71888edcc387b6a604b2fe1579e25479adb0edd1769f9b525d44b843ac0b3527ea12b8d9574676464b2ec6077401
verification_key=46a6aaceb6feee9cb50c258123e573cc5a8aa09e5e51d1a56cace9bfd7c5569c
-domain_hint=example.com" | curl --data-binary @- <base url>/sigsum/v0/add-leaf
+domain_hint=_sigsum_v0.example.com" | curl --data-binary @- <base url>/sigsum/v0/add-leaf
```
### 3.8 - add-cosignature
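Review bot: The example now submits `domain_hint=_sigsum_v0.example.com`, but nothing beside it shows the TXT record that has to exist at that name for the request to be accepted. Consider adding one line that shows the hex-encoded `tree_leaf.key_hash` for the example `verification_key` as it would be published under `_sigsum_v0.example.com`, so a reader can reproduce the request end to end.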
diff --git a/doc/design.md b/doc/design.md
index 439f8c5..85e0ea3 100644
--- a/doc/design.md
+++ b/doc/design.md
@@ -347,7 +347,13 @@ A signer's domain hint is not part of the logged leaf because key management is
more complex than that. A separate project should focus on transparent key
management. Our work is about transparent _key-usage_.
-We are considering if additional anti-spam mechanisms should be supported.
+A signer's domain hint must have the left-most label set to `_sigsum_v0` to
+reduce the space of valid DNS TXT RRs that the log needs to permit queries for.
+See further details in the
+ [proposal](https://git.sigsum.org/sigsum/tree/doc/proposals/2022-01-domain-hint)
+that added this criteria.
+
+We are considering if additional anti-spam mechanisms should be supported in v1.
#### 4.3 - What is the point of having a shard hint?
Unlike TLS certificates which already have validity ranges, a checksum does not
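Review bot: In the added design.md paragraph, "that added this criteria" should read "this criterion", and the `[proposal]` line is indented differently from the lines around it. The link points at a `tree/` path with no commit pinned, so it will follow later edits to the proposal or break if the directory moves; consider linking to the revision that was decided. It would also help to say in one sentence here what the log gains from restricting the permitted TXT queries, rather than leaving the rationale entirely to the linked proposal.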