# IwoooS DNS / TLS / certbot Owner Confirmation Request

| Item | Value |
|------|-------|
| Date | 2026-06-14 |
| Status | `owner_confirmation_request_ready_not_dispatched` |
| Tool | `scripts/security/domain-tls-certbot-owner-confirmation-request.py` |
| Input | `docs/security/domain-tls-certbot-inventory.snapshot.json` |
| Snapshot | `docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json` |
| runtime gate | `0` |

## 1. Purpose

DNS, TLS certificates and certbot renewal are live risk configuration for the public entry points. The existing inventory has already flagged 4 domains whose `server_name` differs from the certificate path domain. This does not by itself indicate an error, nor that TLS has failed, but the owner must confirm, using redacted evidence, the SAN, wildcard or shared-certificate coverage relationship.

This document only defines the owner confirmation request draft and the rejection boundary. It is not a request sent, not an owner response received, not an accepted response, not a DNS query, not a live TLS probe, not a certbot renew, not an Nginx reload, and not a production write or runtime gate authorization.

## 2. Summary

| Metric | Value | Note |
|--------|-------|------|
| owner confirmation request count | `4` | 4 certificate path relationships that need confirmation |
| C0 owner confirmation request count | `4` | all within the 188 public gateway / internal tools HTTPS scope |
| required owner field count | `9` | owner role, decision, reason, scope, redacted refs, followup, rollback, window, validation |
| request field count | `16` | metadata and non-authorizing fields of each request |
| confirmation question count | `5` | coverage basis, certificate status metadata, renewal owner, ACME route, post-check / rollback |
| rejection guard count | `12` | private keys, DNS credentials, certbot accounts, raw logs, execution requests and similar are rejected |
| request sent / recipient confirmed | `0 / 0` | not yet dispatched; recipient role not yet confirmed |
| owner response received / accepted | `0 / 0` | not yet received; not yet accepted |
| DNS query / TLS probe / certbot renew / Nginx reload | `0 / 0 / 0 / 0` | not approved and not executed |
| runtime gate / action button | `0 / 0` | not opened |

## 3. The four confirmation requests

| Request | Control tier | Certificate path domain | What to confirm |
|---------|--------------|-------------------------|-----------------|
| `domain_tls_certbot_owner_confirmation:gitea.wooo.work` | `C0` | `sentry.wooo.work` | whether `gitea.wooo.work` is legitimately covered by the `sentry.wooo.work` certificate's SAN / wildcard / shared certificate |
| `domain_tls_certbot_owner_confirmation:langfuse.wooo.work` | `C0` | `sentry.wooo.work` | whether `langfuse.wooo.work` is legitimately covered by the `sentry.wooo.work` certificate's SAN / wildcard / shared certificate |
| `domain_tls_certbot_owner_confirmation:signoz.wooo.work` | `C0` | `sentry.wooo.work` | whether `signoz.wooo.work` is legitimately covered by the `sentry.wooo.work` certificate's SAN / wildcard / shared certificate |
| `domain_tls_certbot_owner_confirmation:tsenyang.com` | `C0` | `www.tsenyang.com` | whether `tsenyang.com` is legitimately covered by the `www.tsenyang.com` certificate's SAN / wildcard / shared certificate |

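The coverage question in the table above is decided by SAN / wildcard name matching, not by the certificate path alone. The following is an added example, not the project's own tool: it classifies the four request pairs against redacted SAN metadata that is supplied inline. The SAN lists are constructed assumptions for the example (the inventory only records the certificate path domain), and the code never reads a raw certificate or opens a TLS connection, in keeping with the "no live TLS probe" boundary. Wildcard matching follows the usual rule that `*` may only replace a single leftmost label, so `*.wooo.work` covers `gitea.wooo.work` but not `wooo.work` itself.

```python
"""Classify service-domain vs certificate-path-domain pairs by SAN coverage.

Added example for section 3. Works only on redacted SAN metadata supplied
inline (constructed sample data); no raw certificate, no live TLS probe.
"""
from __future__ import annotations

# Constructed sample: redacted SAN metadata an owner might reference.
# These lists are assumptions for this example, not the real certificates.
CONSTRUCTED_SAN_METADATA = {
    "sentry.wooo.work": ["sentry.wooo.work", "*.wooo.work"],
    "www.tsenyang.com": ["www.tsenyang.com"],
}

# The four request pairs from section 3: (service domain, certificate path domain).
REQUEST_PAIRS = [
    ("gitea.wooo.work", "sentry.wooo.work"),
    ("langfuse.wooo.work", "sentry.wooo.work"),
    ("signoz.wooo.work", "sentry.wooo.work"),
    ("tsenyang.com", "www.tsenyang.com"),
]


def _normalize(name: str) -> str:
    """Lower-case and drop a trailing dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def san_matches(san: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers host.

    Exact match, or a wildcard whose `*` is the whole leftmost label and
    stands for exactly one label: `*.wooo.work` covers `gitea.wooo.work`
    but neither `wooo.work` nor `a.b.wooo.work`.
    """
    san, host = _normalize(san), _normalize(host)
    if san == host:
        return True
    if not san.startswith("*."):
        return False
    suffix = san[1:]  # ".wooo.work"
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def coverage_basis(service_domain: str, san_list: list[str]) -> str | None:
    """Return the SAN entry that covers service_domain, or None."""
    for san in san_list:
        if san_matches(san, service_domain):
            return san
    return None


def classify_request(service_domain: str, cert_path_domain: str,
                     san_metadata: dict[str, list[str]]) -> dict:
    """Classify one pair as covered / not_covered / no_metadata."""
    sans = san_metadata.get(cert_path_domain)
    result = {"service_domain": service_domain,
              "certificate_path_domain": cert_path_domain}
    if sans is None:
        # No redacted metadata ref supplied: the owner still has to answer.
        return {**result, "status": "no_metadata", "covered_by": None}
    basis = coverage_basis(service_domain, sans)
    return {**result, "status": "covered" if basis else "not_covered",
            "covered_by": basis}


def classify_all(pairs=REQUEST_PAIRS, san_metadata=CONSTRUCTED_SAN_METADATA):
    """Classify every request pair against the supplied SAN metadata."""
    return [classify_request(s, c, san_metadata) for s, c in pairs]


if __name__ == "__main__":
    for row in classify_all():
        print(row)
```

With the constructed metadata, the three `wooo.work` hosts come out as covered by the wildcard entry while `tsenyang.com` is not covered, because a `www.tsenyang.com` name does not extend to the apex unless the SAN list names it explicitly. That is exactly the kind of answer the owner is being asked to back with a redacted metadata ref rather than a raw certificate.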
## 4. Required owner fields

| Field | Rule |
|-------|------|
| `owner_role_or_team` | role or team only; no personal contact details or credentials |
| `decision` | one of `confirm`, `defer`, `reject`, `request_more_evidence` |
| `decision_reason` | summary explanation; do not paste raw certificates, private keys, certbot logs or DNS credentials |
| `affected_scope` | explicitly list the domains, certificate path metadata and ACME / route scope affected |
| `redacted_evidence_refs` | only redacted refs, ticket ids, document paths, hashes or summaries are accepted |
| `followup_owner` | role responsible for follow-up evidence or review |
| `rollback_owner` | role responsible for rollback if a renewal / reload / route smoke is performed later |
| `maintenance_window` | maintenance window for future execution-phase operations; this request grants no execution rights |
| `validation_plan` | post-check metrics for any future probe / renew / reload |

## 5. The five confirmation questions

1. When the certificate path domain differs from the service domain, is it legitimately covered by a SAN, wildcard or shared certificate?
2. If certificate status is provided, only a redacted metadata ref may be given; raw certificate, private key or certbot account content must not be pasted.
3. Who is the renewal owner, what is the tool path, and where does the responsibility boundary lie? A certbot renew request must not be attached to this request.
4. If an HTTP-01 ACME route is relied on, who owns the challenge path and who is responsible for the route smoke?
5. For any future DNS / TLS probe, certbot renew or Nginx reload, what are the validation plan, rollback owner and maintenance window?

## 6. Rejection boundary

The following must be rejected, or retained only as quarantine metadata, and must never be written to the LOGBOOK, the frontend, a snapshot or repo documents:

1. TLS private keys, raw certificate payloads, ACME account keys.
2. DNS provider, registrar, certbot account or host credentials.
3. Tokens, secrets, cookies, sessions, authorization headers or Basic Auth credentials.
4. Unredacted certbot logs, environment variable dumps, shell history, private key path dumps.
5. Attached requests for a DNS query, TLS probe, certbot renew, Nginx reload, route change, SSH, host write, production write or action button.

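Sections 4 and 6 together describe an intake check: every required field must be present, `decision` must be one of the allowed values, and any response carrying rejected material is refused with only quarantine metadata kept. The block below is an added example of such a validator, not the project's own script. The field names and allowed decisions are taken from section 4 and the guard classes from section 6; the regular expressions, the guard names and the two sample responses are constructed assumptions for the example. Rejected text is never copied into the result: the quarantine record holds only the guard name, the field path and a SHA-256 of the matched fragment.

```python
"""Validate an owner confirmation response against sections 4 and 6.

Added example, not the project's validator. Field list and allowed decisions
come from section 4, guard classes from section 6; regexes, guard names and
sample responses are constructed assumptions. Offending content is never
stored; only quarantine metadata (guard, field path, sha256) is kept.
"""
from __future__ import annotations

import hashlib
import re

REQUIRED_FIELDS = (
    "owner_role_or_team", "decision", "decision_reason", "affected_scope",
    "redacted_evidence_refs", "followup_owner", "rollback_owner",
    "maintenance_window", "validation_plan",
)
ALLOWED_DECISIONS = {"confirm", "defer", "reject", "request_more_evidence"}

# Guard name -> pattern (constructed). Each maps to one section 6 class.
REJECTION_GUARDS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "raw_certificate": re.compile(r"-----BEGIN CERTIFICATE-----"),
    "authorization_header": re.compile(r"\bauthorization\s*:\s*(?:basic|bearer)\b", re.I),
    "credential_assignment": re.compile(
        r"\b(?:token|secret|password|passwd|api[_-]?key|cookie|session)\s*[=:]\s*\S+", re.I),
    "env_dump": re.compile(r"^[A-Z][A-Z0-9_]{2,}=\S+", re.M),
    "execution_request": re.compile(
        r"\b(?:certbot\s+renew|nginx\s+-s\s+reload|systemctl\s+(?:reload|restart)\s+nginx"
        r"|openssl\s+s_client|dig\s+\S+\.\S+|ssh\s+\S+@\S+)", re.I),
}


def _walk_strings(value, path="response"):
    """Yield (path, text) for every string nested anywhere in the response."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for k, v in value.items():
            yield from _walk_strings(v, f"{path}.{k}")
    elif isinstance(value, (list, tuple)):
        for i, v in enumerate(value):
            yield from _walk_strings(v, f"{path}[{i}]")


def validate_owner_response(response: dict) -> dict:
    """Return accepted flag, missing fields, field errors and quarantine metadata."""
    missing = [f for f in REQUIRED_FIELDS if not response.get(f)]
    errors = []
    if response.get("decision") and response["decision"] not in ALLOWED_DECISIONS:
        errors.append(f"decision must be one of {sorted(ALLOWED_DECISIONS)}")
    refs = response.get("redacted_evidence_refs")
    if refs is not None and not (isinstance(refs, list) and all(isinstance(r, str) for r in refs)):
        errors.append("redacted_evidence_refs must be a list of strings")
    quarantine = []
    for path, text in _walk_strings(response):
        for guard, pattern in REJECTION_GUARDS.items():
            m = pattern.search(text)
            if m:
                # Keep metadata only: the matched fragment itself is dropped.
                quarantine.append({
                    "guard": guard,
                    "field": path,
                    "sha256": hashlib.sha256(m.group(0).encode()).hexdigest(),
                })
    accepted = not missing and not errors and not quarantine
    return {"accepted": accepted, "missing_fields": missing,
            "errors": errors, "quarantine": quarantine}


# Constructed sample responses (not real owner replies).
GOOD_RESPONSE = {
    "owner_role_or_team": "platform-ops",
    "decision": "confirm",
    "decision_reason": "service domain is covered by a wildcard SAN on the shared certificate; metadata ref attached",
    "affected_scope": ["gitea.wooo.work", "certificate path sentry.wooo.work"],
    "redacted_evidence_refs": ["ticket:TLS-EXAMPLE-1",
                               "docs/security/domain-tls-certbot-inventory.snapshot.json"],
    "followup_owner": "security-review",
    "rollback_owner": "platform-ops",
    "maintenance_window": "to be scheduled; no execution requested here",
    "validation_plan": "post-check of SAN metadata ref and route smoke owner sign-off",
}
BAD_RESPONSE = dict(GOOD_RESPONSE, decision_reason=(
    "confirmed, key attached:\n-----BEGIN PRIVATE KEY-----\nCONSTRUCTED-PLACEHOLDER\n"
    "-----END PRIVATE KEY-----\nalso please run certbot renew today"))

if __name__ == "__main__":
    print(validate_owner_response(GOOD_RESPONSE))
    print(validate_owner_response(BAD_RESPONSE))
```

The bad sample trips two guards in the same field, `pem_private_key` and `execution_request`, and the result records that fact without reproducing either the key block or the execution request, which is what "quarantine metadata only" means in practice.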
## 7. Commands

Generate the committed snapshot:

```bash
python3 scripts/security/domain-tls-certbot-owner-confirmation-request.py \
  --root . \
  --inventory-report docs/security/domain-tls-certbot-inventory.snapshot.json \
  --output docs/security/domain-tls-certbot-owner-confirmation-request.snapshot.json \
  --generated-at 2026-06-14T20:35:00+08:00
```

Run the guard:

```bash
python3 scripts/security/security-mirror-progress-guard.py --root .
```

## 8. Completion

| Task | Completion | Note |
|------|------------|------|
| owner confirmation request artifact | `100%` | generator, snapshot and document are fixed |
| request dispatch | `0%` | not yet dispatched |
| owner response received / accepted | `0%` | not yet received; not yet accepted |
| DNS query / TLS probe | `0%` | not approved and not executed |
| certbot renew / Nginx reload | `0%` | not approved and not executed |
| runtime gate / host write | `0%` | not authorized and not executed |