From e07a78c64bd1331ef7455d11b1bf422dd1ea82ee Mon Sep 17 00:00:00 2001 From: Nelson Melo Date: Thu, 20 Dec 2018 12:04:08 -0500 Subject: [PATCH 1/2] Fix a couple typos in documentation and a formatting issue --- README.md | 2 +- docs/common-questions.md | 1 + docs/recommendations.md | 2 +- server/server.go | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index db3715c3..3478f06e 100644 --- a/README.md +++ b/README.md @@ -326,7 +326,7 @@ then, upon `reload`, the Step CA will read it's new configuration from the same configuration file. * Step CA requires the password to decrypt the intermediate certificate, again, -upon `reload`. You can auotmate this in one of two ways: +upon `reload`. You can automate this in one of two ways: * Use the `--password-file` flag in the original invocation. * Use the top level `password` attribute in the `ca.json` configuration file. diff --git a/docs/common-questions.md b/docs/common-questions.md index a8fa124a..21e70ff1 100644 --- a/docs/common-questions.md +++ b/docs/common-questions.md @@ -82,6 +82,7 @@ communication for your own internal infrastructure? There are several reasons: * Public CAs can't handle client certificates (mutual TLS) * It's much harder (and more expensive) to revoke or roll certificates from public CAs * It relies on a third party that can subvert your security + More broadly, the answer is that web PKI was designed for the web. A lot of the web PKI design decisions aren't appropriate for internal systems. diff --git a/docs/recommendations.md b/docs/recommendations.md index 9921c39c..c0c02d45 100644 --- a/docs/recommendations.md +++ b/docs/recommendations.md @@ -172,7 +172,7 @@ are useless without proper attention to configuration and guidelines. // - ECDHE key exchange algorithm has perfect forward secrecy // - ECDSA has smaller keys and better performance (than RSA) // - CHACHA20 with POLY1305 is the cipher mode used by google. - // - CHACHA20 is more performance than GCM and CBC. + // - CHACHA20's performance is better than GCM and CBC. // NOTE: The http2 spec requires the "TLS_ECDHE_(RSA|ECDSA)_WITH_AES_128_GCM_SHA256" // ciphersuite be accepted by the server, therefore it makes our list of // default ciphersuites until we build the functionality to modify our defaults diff --git a/server/server.go b/server/server.go index c36219d9..9aba2428 100644 --- a/server/server.go +++ b/server/server.go @@ -60,7 +60,7 @@ func (srv *Server) ListenAndServe() error { return srv.Serve(ln) } -// Serve runs Serve or ServetTLS on the underlaying http.Server and listen to +// Serve runs Serve or ServetTLS on the underlying http.Server and listen to // channels to reload or shutdown the server. func (srv *Server) Serve(ln net.Listener) error { var err error From d0c7ccd0db54d809b9b7609e3bd727685a071049 Mon Sep 17 00:00:00 2001 From: Nelson Melo Date: Thu, 20 Dec 2018 12:10:32 -0500 Subject: [PATCH 2/2] ServetTLS => ServeTLS in function docs --- server/server.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/server.go b/server/server.go index 9aba2428..d3968c4a 100644 --- a/server/server.go +++ b/server/server.go @@ -60,7 +60,7 @@ func (srv *Server) ListenAndServe() error { return srv.Serve(ln) } -// Serve runs Serve or ServetTLS on the underlying http.Server and listen to +// Serve runs Serve or ServeTLS on the underlying http.Server and listen to // channels to reload or shutdown the server. func (srv *Server) Serve(ln net.Listener) error { var err error