Revision a4978169 doc/design-2.2.rst
| b/doc/design-2.2.rst | ||
|---|---|---|
| 411 | 411 |
not know the secret, it can't forge the certificates or redirect the |
| 412 | 412 |
data. Unless disabled by a new cluster parameter, verifying the HMAC |
| 413 | 413 |
signatures must be mandatory. The HMAC signature for X509 certificates |
| 414 |
will be prepended to the certificate similar to an RFC822 header and
|
|
| 414 |
will be prepended to the certificate similar to an :rfc:`822` header and
|
|
| 415 | 415 |
only covers the certificate (from ``-----BEGIN CERTIFICATE-----`` to |
| 416 | 416 |
``-----END CERTIFICATE-----``). The header name will be |
| 417 | 417 |
``X-Ganeti-Signature`` and its value will have the format |
Also available in: Unified diff