~whynothugo/vdirsyncer-rs

e7d754b3413884934f8dd1aca1060e69276019a8 — Hugo Osvaldo Barrera a month ago f0438ee
security: document DNSSEC limitations
1 files changed, 5 insertions(+), 0 deletions(-)

M SECURITY.md
M SECURITY.md => SECURITY.md +5 -0
@@ 11,6 11,11 @@ can be improved via https://todo.sr.ht/~whynothugo/vdirsyncer-rs/44. In the
meantime, any actor with read access to vdirsyncer's memory space may extract
secret credentials from it.

Vdirsyncer discovers the server's real hostname and path using DNS-based
discovery. For this, the system resolver is used. It is expected that the
system resolver performs DNSSEC validation and will not return invalid results.
Vdirsyncer does not perform DNSSEC validation itself.

# Manual tasks

The following need to be run manually and ought to be made part of some