ncc-06-js 0.3.2 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -2
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -103,8 +103,11 @@ The package exposes modular helpers so you can keep using your own transport sta
|
|
|
103
103
|
|
|
104
104
|
## Trust model
|
|
105
105
|
|
|
106
|
-
- `k` is the binding between NCC-02/NCC-05 records and the
|
|
107
|
-
-
|
|
106
|
+
- `k` is the binding between NCC-02/NCC-05 records and the transport-level key (TLS/SPKI) that serves the endpoint.
|
|
107
|
+
- This applies to **any secure protocol** (`wss://`, `https://`, `tls://`, `tcps://`).
|
|
108
|
+
- **Trust Model:** This mimics DANE: the `k` tag pins the expected SPKI fingerprint of the endpoint's certificate.
|
|
109
|
+
- **Self-Signed vs CA:** You can use **self-signed certificates** or CA-signed ones. The security comes from the NCC record's signature (the Identity) pinning the transport key, not from a centralized CA.
|
|
110
|
+
- **Verification:** The shared helpers compare the endpoint's actual fingerprint against the published `k` value. This allows clients to securely connect to self-signed endpoints without security warnings, provided the NCC record is valid.
|
|
108
111
|
|
|
109
112
|
## Reference Docs
|
|
110
113
|
|