From 9f49af2ad70764510bb34322157209f56095260f Mon Sep 17 00:00:00 2001 From: Rasmus Dahlberg Date: Mon, 31 Jan 2022 17:22:45 +0100 Subject: documented the decided domain hint proposal Refer to doc/proposals/2022-01-domain-hint for details. --- doc/design.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'doc/design.md') diff --git a/doc/design.md b/doc/design.md index 439f8c5..85e0ea3 100644 --- a/doc/design.md +++ b/doc/design.md @@ -347,7 +347,13 @@ A signer's domain hint is not part of the logged leaf because key management is more complex than that. A separate project should focus on transparent key management. Our work is about transparent _key-usage_. -We are considering if additional anti-spam mechanisms should be supported. +A signer's domain hint must have the left-most label set to `_sigsum_v0` to +reduce the space of valid DNS TXT RRs that the log needs to permit queries for. +See further details in the + [proposal](https://git.sigsum.org/sigsum/tree/doc/proposals/2022-01-domain-hint) +that added this criteria. + +We are considering if additional anti-spam mechanisms should be supported in v1. #### 4.3 - What is the point of having a shard hint? Unlike TLS certificates which already have validity ranges, a checksum does not -- cgit v1.2.3