mbiryukova/certificates
1
0
Fork 0
forked from TrueCloudLab/certificates
Code Pull requests Activity

Merge pull request #16 from nmelo/docs-fix-typos

Browse source 
Fix a couple typos in documentation and a formatting issue
This commit is contained in:
Max 2018-12-20 13:04:35 -08:00 committed by GitHub
commit e5dff952de
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -326,7 +326,7 @@ then, upon `reload`, the Step CA will read it's new configuration from the same
configuration file. configuration file.
* Step CA requires the password to decrypt the intermediate certificate, again, * Step CA requires the password to decrypt the intermediate certificate, again,
upon `reload`. You can auotmate this in one of two ways: upon `reload`. You can automate this in one of two ways:
* Use the `--password-file` flag in the original invocation. * Use the `--password-file` flag in the original invocation.
* Use the top level `password` attribute in the `ca.json` configuration file. * Use the top level `password` attribute in the `ca.json` configuration file.

1
docs/common-questions.md
View file

@ -82,6 +82,7 @@ communication for your own internal infrastructure? There are several reasons:
* Public CAs can't handle client certificates (mutual TLS) * Public CAs can't handle client certificates (mutual TLS)
* It's much harder (and more expensive) to revoke or roll certificates from public CAs * It's much harder (and more expensive) to revoke or roll certificates from public CAs
* It relies on a third party that can subvert your security * It relies on a third party that can subvert your security
More broadly, the answer is that web PKI was designed for the web. A lot of the More broadly, the answer is that web PKI was designed for the web. A lot of the
web PKI design decisions aren't appropriate for internal systems. web PKI design decisions aren't appropriate for internal systems.

2
docs/recommendations.md
View file

@ -172,7 +172,7 @@ are useless without proper attention to configuration and guidelines.
// - ECDHE key exchange algorithm has perfect forward secrecy // - ECDHE key exchange algorithm has perfect forward secrecy
// - ECDSA has smaller keys and better performance (than RSA) // - ECDSA has smaller keys and better performance (than RSA)
// - CHACHA20 with POLY1305 is the cipher mode used by google. // - CHACHA20 with POLY1305 is the cipher mode used by google.
// - CHACHA20 is more performance than GCM and CBC. // - CHACHA20's performance is better than GCM and CBC.
// NOTE: The http2 spec requires the "TLS_ECDHE_(RSA|ECDSA)_WITH_AES_128_GCM_SHA256" // NOTE: The http2 spec requires the "TLS_ECDHE_(RSA|ECDSA)_WITH_AES_128_GCM_SHA256"
// ciphersuite be accepted by the server, therefore it makes our list of // ciphersuite be accepted by the server, therefore it makes our list of
// default ciphersuites until we build the functionality to modify our defaults // default ciphersuites until we build the functionality to modify our defaults

2
server/server.go
View file

@ -60,7 +60,7 @@ func (srv *Server) ListenAndServe() error {
return srv.Serve(ln) return srv.Serve(ln)
} }
// Serve runs Serve or ServetTLS on the underlaying http.Server and listen to // Serve runs Serve or ServeTLS on the underlying http.Server and listen to
// channels to reload or shutdown the server. // channels to reload or shutdown the server.
func (srv *Server) Serve(ln net.Listener) error { func (srv *Server) Serve(ln net.Listener) error {
var err error var err error