aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--debian/control10
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index 2dcd758..856f30d 100644
--- a/debian/control
+++ b/debian/control
@@ -15,3 +15,13 @@ Depends: ${misc:Depends}, ${perl:Depends},
openssl, netcat-openbsd | netcat-traditional
Recommends: liblwp-protocol-https-perl, socat
Description: Tiny ACME client for Let's Encrypt
+ This tiny ACME client written is with process isolation and minimal privileges
+ in mind. It is divided into three components:
+ 1. the "master" process, which runs as root and is the only component
+ with access to the private key material (both account and server keys);
+ 2. the actual ACME client, which runs as a separated user ID, builds ACME
+ requests and dialogues with the remote ACME server (data to be signed is
+ written to a pipe shared with the master process, which replies with its
+ SHA-256 signature); and
+ 3. an optional webserver, which runs as www-data:www-data and listen on port
+ 80 to server ACME challenges.