V8.02.644.2025.05.31
All checks were successful
Retrieve the DNSSEC status at the time of updating the repository. / build-dnssec-diagram (push) Successful in 29s
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
11
README.md
@@ -40,8 +40,13 @@ Check out more:
|
||||
* [CenturionMeet](https://talk.e2ee.li/)
|
||||
* [Contact the author](https://coresecret.eu/contact/)
|
||||
|
||||
> Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped.
|
||||
> The next step is to move to a room-gapped environment.
|
||||
## 1.1. Notes
|
||||
|
||||
### 1.1.1 HSM
|
||||
Please note that all my signing keys are stored in an HSM and that the signing environment is air-gapped. The next step is to
|
||||
move to a room-gapped environment. ^^
|
||||
|
||||
### 1.1.2 HSTS and DNSSEC
|
||||
|
||||
Please note that `coresecret.dev` is included in the [(HSTS Preload List)](https://hstspreload.org/) and always serves the headers:
|
||||
````nginx configuration pro
|
||||
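Review bot: In the new paragraph under `### 1.1.1 HSM`, the trailing `^^` after "move to a room-gapped environment." reads as a leftover emoticon or editing mark inside a statement about key custody; drop it so the claim reads cleanly. The new headings also mix two numbering styles: `## 1.1. Notes` has a period after the number, while `### 1.1.1 HSM` and `### 1.1.2 HSTS and DNSSEC` do not, so pick one form and use it for all three.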
@@ -50,7 +55,7 @@ add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; prelo
|
||||
````
|
||||
Additionally, the entire zone is dual-signed with DNSSEC. See the current DNSSEC status at [DNSSEC Audit Report](https://git.coresecret.dev/msw/CISS.debian.live.builder/src/branch/master/docs/AUDIT_DNSSEC.md)
|
||||
|
||||
## 1.1. Immutable Source-of-Truth System
|
||||
## 1.2. Immutable Source-of-Truth System
|
||||
|
||||
This live ISO establishes a secure, fully deterministic, integrity self-verifying boot environment based entirely on static
|
||||
source-code definitions. All configurations, system components, and installation routines are embedded during build time and
|
||||
|
||||
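Review bot: The change from `## 1.1. Immutable Source-of-Truth System` to `## 1.2. Immutable Source-of-Truth System` is the only renumbering visible in this diff, so any later numbered sections, a table of contents, and links that rely on the old heading anchor should be checked and updated in the same commit. The context sentence ending in the `[DNSSEC Audit Report](...)` link also has no closing period.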