Restricted CAs

[tofuproxy.git] / doc / index.texi

diff --git a/doc/index.texi b/doc/index.texi
index ed3bd99d67c24f17d48d21bd6be62c7480377d7d..f5ffde92b519c8e8969a4c6b26794f2f5cc6d8b0 100644 (file)
--- a/doc/index.texi
+++ b/doc/index.texi
@@ -41,6 +41,9 @@ Even if native Go's checks are failed (for example domain still does not
 use @code{SubjectAltName} extension), you can still make a decision to
 forcefully trust the domain.
 
+@item
+CAs can have restrictions on what domains they are allowed to be served.
+
 @item
 Optional @url{https://en.wikipedia.org/wiki/DNS-based_Authentication_of_Named_Entities, DANE-EE} check.
 
@@ -104,6 +107,7 @@ Web fonts downloads are forbidden.
 @include spies.texi
 @include certs.texi
 @include tlsauth.texi
+@include restricted.texi
 @include httpauth.texi
 @include warcs.texi
 @include gemini.texi