msw/draft-weidner-catalog-rr-ext
SHA256
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

V1.01.192.2025.06.06

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-06 18:33:57 +02:00
parent 1e6b128a57
commit 15b57ae91f
3 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/linter_char_scripts.yaml
+8 -6
View File
@@ -127,14 +127,16 @@ jobs:
# #
# We capture: # We capture:
# - All files '*.sh', '*.rfc.xml' # - All files '*.sh', '*.rfc.xml'
# - All files whose first line begins with #! (shebang) # - All files whose first line begins with "#!" (shebang)
# ------------------------------- # -------------------------------
mapfile -t files_to_check < <( mapfile -t files_to_check < <(
find . -type f \( \ find . \
-iname '*.sh' -o \ -path './.git' -prune -o \
-iname '*.rfc.xml' -o \ -type f \( \
-exec grep -Iq '^#!' {} \; \ -iname '*.sh' -o \
\) -print -iname '*.rfc.xml' -o \
-exec grep -Iq '^#!' {} \; \
\) -print
) )
# ------------------------------- # -------------------------------
docs/graphviz/ciss.developer.branch.dot
+3 -3
View File
@@ -138,15 +138,15 @@ digraph CISS_debian_live_builder {
// Jump Host → Hidden-Master // Jump Host → Hidden-Master
Jump_Host -> Hidden_Master [color=green]; Jump_Host -> Hidden_Master [color=green];
// Hidden-Master → Name servers (each green with the label HMAC SHA512) // Hidden-Master → Name servers (each green with the label "HMAC SHA512")
Hidden_Master -> ns00 [color=green, label="HMAC SHA512"]; Hidden_Master -> ns00 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns01 [color=green, label="HMAC SHA512"]; Hidden_Master -> ns01 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns02 [color=green, label="HMAC SHA512"]; Hidden_Master -> ns02 [color=green, label="HMAC SHA512"];
Hidden_Master -> ns03 [color=green, label="HMAC SHA512"]; Hidden_Master -> ns03 [color=green, label="HMAC SHA512"];
// Red arrows DNSSEC from name server cluster (ns_anchor) → B cluster (b_big_anchor) // Red arrows "DNSSEC" from name server cluster (ns_anchor) → B cluster (b_big_anchor)
ns_anchor -> b_big_anchor [color=red, label="DNSSEC"]; ns_anchor -> b_big_anchor [color=red, label="DNSSEC"];
// Red arrow DNSSEC from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor) // Red arrow "DNSSEC" from nameserver cluster (ns_anchor) → cloud cluster (cloud_anchor)
ns_anchor -> cloud_anchor [color=red, label="DNSSEC"]; ns_anchor -> cloud_anchor [color=red, label="DNSSEC"];
// Red arrows from TLS Internet → B-Cluster and cloud // Red arrows from TLS Internet → B-Cluster and cloud
draft-weidner-catalog-rr-ext-00.rfc.xml
+1 -1
View File
@@ -1399,7 +1399,7 @@ https://caa-ct-sts.<domain>.<tld>/.well-known/caa-ct-sts.txt
<li>"+ 2" Whitelist of Non-Critical CT-Logs. <li>"+ 2" Whitelist of Non-Critical CT-Logs.
In addition to the n + 1 critical logs, domain owners <strong>SHOULD</strong> nominate at least In addition to the n + 1 critical logs, domain owners <strong>SHOULD</strong> nominate at least
up to two further CT-Logs without the "critical=true" flag. up to two further CT-Logs without the "critical=true" flag.
These whitelisted CT-Logs provide extra transparency channels, These "whitelisted" CT-Logs provide extra transparency channels,
enabling issuance to continue if a critical CT-Log fails, enabling issuance to continue if a critical CT-Log fails,
but do not block issuance if they are unreachable. but do not block issuance if they are unreachable.
They <strong>MUST NOT</strong> not carry "critical=true"; otherwise, They <strong>MUST NOT</strong> not carry "critical=true"; otherwise,