feat(protocol): specify the rpc.dig.net dual-mode gateway + ephemeral read certs#10
Merged
Merged
Conversation
… read certs The peer-network spec already had the two RPC tiers (mTLS peer/control vs anonymous public-read) but treated rpc.dig.net as purely the anonymous front. Node-class clients (digstore CLI, dig-sdk, any DIG-identity-key holder) must never downgrade to that anonymous path, even at the public gateway, per the client->node connection order contract. - New peer-network.md §0a: rpc.dig.net is dual-mode — an mTLS front (CERT_REQUIRED) for node-class-client identity certs, reached at all three ladder tiers (dig.local/localhost/rpc.dig.net), alongside the existing plain-HTTPS+CORS front for browsers. - Ephemeral self-signed client certificate flow: an anonymous reader may use the mTLS front for channel-bound request integrity without any persisted identity or reputation, binding a signed request to its TLS session. - Design-status note: implementations gate on the gateway mTLS endpoint's existence and must not hard-break before it is deployed. - Cross-link the dual-mode note into dig-rpc.md's public-read-tier tip and add a Related link + conformance/tier-map notes in peer-network.md. Minor bump (additive normative spec content, no removed/renumbered sections).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Super-repo Issue DIG-Network/dig_ecosystem#18 (DESIGN-FIRST: dual-transport RPC scheme). The peer-network spec already normatively defined the two RPC tiers (§0 mTLS PEER/CONTROL vs anonymous PUBLIC-READ) and the tier map (§7a), but it treated
rpc.dig.netas purely the anonymous public-read front. That leaves an unresolved question for a protocol implementer: how does a node-class client (thedigstoreCLI,dig-sdk, any DIG-identity-key holder) read/write against the public gateway without downgrading to the anonymous path — and can an anonymous browser get any stronger channel binding than plain HTTPS?This PR adds the missing normative design, scoped entirely to
docs.dig.net:docs/protocol/peer-network.md§0a ("rpc.dig.netis dual-mode"): the gateway answers on two independently-authenticated fronts — an mTLS front (CERT_REQUIRED) for node-class clients (their identity-derived cert, used at all three tiers of the client→node ladder:dig.local→localhost→rpc.dig.net) and the existing plain-HTTPS+CORS-*front for browsers.CERT_REQUIREDhandshake, getting a TLS-session-bound (replay-resistant) read with no persisted identity, reputation, or authorization implied.rpc.dig.netonly serves the plain-HTTPS front).dig-rpc.md's public-read-tier tip, the §7a tier-map notes, the §11 conformance table, and a newRelatedlink torun-a-node/point-a-consumer.md(the task-oriented ladder page, unchanged — this PR only touches the protocol-developer spec).static/knowledge-graph.jsonregenerated (npm run gen) to pick up the new cross-link edge.Verified
npm run build— all 15 locale builds succeed withonBrokenLinks/onBrokenAnchors: "throw"(every new anchor/cross-link resolves);llms.txt/sitemap.xml/robots.txtpresent indist/.npm run typecheck— clean.npm run test:unit— passing.npm run test:a11y(axe + ARIA snapshot + keyboard-nav + mobile-nav) — 22/22 passing.npm run test:e2e(full suite incl. SEO/hreflang meta) — 28/28 passing.Version bump
Minor (
0.2.0→0.3.0) — purely additive normative spec content (new section, new cross-links); no existing section removed, renumbered, or changed in meaning.Test plan
deploy.ymltestjob green (build + a11y/SEO)commitlint— Conventional Commit formatensure-version-increment—package.jsonversion increased