-
-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make it clear that security.txt.sig files should be served over HTTPS. #55
Milestone
Comments
nightwatchcyber
added a commit
to nightwatchcyber/security-txt
that referenced
this issue
Dec 26, 2017
FYI The registry has been updated to reject SIG files not over HTTPs. |
EdOverflow
added a commit
that referenced
this issue
Jan 7, 2018
* updated issues shield/link * Remove hero image. * Create draft-foudil-securitytxt-01.txt. * Create draft-foudil-securitytxt-01.txt. * chore(text): fix grammar * chore(text): fix grammar * Fix Typo * Fix Typo * Fix Shield Link * Fix Shield Link * converting to use markdown and adding IETF tool support * clarifying instructions for making the text draft * putting back the original version * adding version-01 before markdown conversion * adding text draft generated from markdown * removing non-markdown draft version * Adding IANA registration for .well-known * removing date * Adding IANA registry for extensibility to address issue #34 * added extensibility section * adding extensibility to abnf * Start working on https://github.com/securitytxt/security-txt/milestone/2. * Add Signature directive to registry. * Add file location section. * Explaining how this is different from RFC2142 * language tweaks * s/filesystems/file systems * adding author * adding html * adding txt and html * re-generating drafts * Signature file should be added to the Well-Known URI's registry In accordance with issue #59, the signature file "security.txt.sig" should also be added to the Well-Known URI's registry. * Update draft-01. * Update draft. * s/draft-01/draft-02 * Adding history section, and addressing issues #55 and #14 * Adding language to clarify Contact values as per issue #62 * "the" ability * Create .travis.yml * Languages updates for the draft text (#66) * Languages updates for the draft text * Fix comment * Fix more wording * Fix for Ed
EdOverflow
added a commit
that referenced
this issue
Jan 15, 2018
* updated issues shield/link * Remove hero image. * Create draft-foudil-securitytxt-01.txt. * Create draft-foudil-securitytxt-01.txt. * chore(text): fix grammar * chore(text): fix grammar * Fix Typo * Fix Typo * Fix Shield Link * Fix Shield Link * converting to use markdown and adding IETF tool support * clarifying instructions for making the text draft * putting back the original version * adding version-01 before markdown conversion * adding text draft generated from markdown * removing non-markdown draft version * Adding IANA registration for .well-known * removing date * Adding IANA registry for extensibility to address issue #34 * added extensibility section * adding extensibility to abnf * Start working on https://github.com/securitytxt/security-txt/milestone/2. * Add Signature directive to registry. * Add file location section. * Explaining how this is different from RFC2142 * language tweaks * s/filesystems/file systems * adding author * adding html * adding txt and html * re-generating drafts * Signature file should be added to the Well-Known URI's registry In accordance with issue #59, the signature file "security.txt.sig" should also be added to the Well-Known URI's registry. * Update draft-01. * Update draft. * s/draft-01/draft-02 * Adding history section, and addressing issues #55 and #14 * Adding language to clarify Contact values as per issue #62 * "the" ability * Create .travis.yml * Start working on securitytxt-03. * Update version to 03. * Fix mistakes. * Languages updates for the draft text (#66) * Languages updates for the draft text * Fix comment * Fix more wording * Fix for Ed * Update securitytxt-03 addressing the issues raised by @nightwatchcyber. * Fix remaining issues. * Solve #77: Add language about security researcher's responsibility. * Solve #87.
Changing HTTPS to MUST as per this message: |
nightwatchcyber
added a commit
to nightwatchcyber/security-txt
that referenced
this issue
Feb 10, 2019
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
draft-foudil-securitytxt-01.txt states the following:
In the next version we should make it very clear that the security.txt.sig file should be served over HTTPS.
The text was updated successfully, but these errors were encountered: