X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=doc%2Findex.texi;h=f5ffde92b519c8e8969a4c6b26794f2f5cc6d8b0;hb=539e5df5806bd22c8eaddeb0409e6b8b187eda4c;hp=ed3bd99d67c24f17d48d21bd6be62c7480377d7d;hpb=6d4c578ad872cb3926852d1c29ea0b03c94fed61;p=tofuproxy.git

diff --git a/doc/index.texi b/doc/index.texi
index ed3bd99..f5ffde9 100644
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -41,6 +41,9 @@ Even if native Go's checks are failed (for example domain still does not
 use @code{SubjectAltName} extension), you can still make a decision to
 forcefully trust the domain.
 
+@item
+CAs can have restrictions on what domains they are allowed to be served.
+
 @item
 Optional @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE-EE} check.
 
@@ -104,6 +107,7 @@ Web fonts downloads are forbidden.
 @include spies.texi
 @include certs.texi
 @include tlsauth.texi
+@include restricted.texi
 @include httpauth.texi
 @include warcs.texi
 @include gemini.texi