You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: translations/en/main.po
+12-12Lines changed: 12 additions & 12 deletions
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ msgstr ""
9
9
"Project-Id-Version: PACKAGE VERSION\n"
10
10
"Report-Msgid-Bugs-To: \n"
11
11
"POT-Creation-Date: 2015-02-16 23:27+0100\n"
12
-
"PO-Revision-Date: 2025-05-27 12:27:29.821689\n"
12
+
"PO-Revision-Date: 2025-05-27 14:55:39.942551\n"
13
13
"Last-Translator: \n"
14
14
"Language-Team: \n"
15
15
"Language: \n"
@@ -914,13 +914,13 @@ msgstr ""
914
914
915
915
msgid"detail mail rpki exists exp"
916
916
msgstr""
917
-
"We check if an RPKI Route Origin Authorization (ROA) has been published for all IP addresses of your mail server(s) (MX).\n"
917
+
"We check if an RPKI Route Origin Authorisation (ROA) has been published for all IP addresses of your mail server(s) (MX).\n"
918
918
"\n"
919
919
"Your hoster (or its network provider) announces through the Border Gateway Protocol (BGP) for which of its IP address blocks it accepts incoming Internet traffic. Other network providers use these route announcements to determine via which route to send traffic for your server's IP addresses.\n"
920
920
"\n"
921
921
"However, a route announcement can be faked. In fact, another network provider may be able to connect the IP address block of your IP address to its network and thus potentially receive Internet traffic that is actually intended for your network provider. The cause may be accidental or malicious. In either case, this can result in your server becoming unreachable or in Internet traffic to your server being intercepted.\n"
922
922
"\n"
923
-
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorization (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
923
+
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorisation (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
924
924
925
925
msgid"detail mail rpki exists label"
926
926
msgstr"Route Origin Authorisation existence"
@@ -945,13 +945,13 @@ msgstr ""
945
945
946
946
msgid"detail mail rpki mx-ns-exists exp"
947
947
msgstr""
948
-
"We check if an RPKI Route Origin Authorization (ROA) has been published for all IP addresses of the name servers of your mail server(s) (MX).\n"
948
+
"We check if an RPKI Route Origin Authorisation (ROA) has been published for all IP addresses of the name servers of your mail server(s) (MX).\n"
949
949
"\n"
950
950
"Your hoster (or its network provider) announces through the Border Gateway Protocol (BGP) for which of its IP address blocks it accepts incoming Internet traffic. Other network providers use these route announcements to determine via which route to send traffic for your server's IP addresses.\n"
951
951
"\n"
952
952
"However, a route announcement can be faked. In fact, another network provider may be able to connect the IP address block of your IP address to its network and thus potentially receive Internet traffic that is actually intended for your network provider. The cause may be accidental or malicious. In either case, this can result in your server becoming unreachable or in Internet traffic to your server being intercepted.\n"
953
953
"\n"
954
-
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorization (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
954
+
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorisation (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
955
955
956
956
msgid"detail mail rpki mx-ns-exists label"
957
957
msgstr"Route Origin Authorisation existence"
@@ -1117,10 +1117,10 @@ msgstr ""
1117
1117
"The domain were the applicable CAA records are found is shown in the table with technical details below.\n"
1118
1118
"\n"
1119
1119
"The verdict is good if one or more CAA records were found that all have correct syntax, and at least one of these CAA records has the `issue` tag.\n"
1120
-
"In all other cases, the test will result in a fail.\n"
1120
+
"Otherwise, the test will result in a fail.\n"
1121
1121
"It is not checked whether the certificate authority of the current TLS certificate matches one or more of the `issue` and `issuewild` values, i.e., whether the current certificate could be reissued at this time.\n"
1122
1122
"\n"
1123
-
"If your are using the Automatic Certificate Management Environment (ACME) standard and your certificate authority supports it, we recommend you to use the parameters `validationmethods` and `accounturi` to further restrict isssuance by the authorised certificate authority. Furthermore, it is recommended to add `issuemail` and `issuevmc` with an empty `;` if you do not use certificates for S/MIME and/or BIMI respectively. Otherwise, any certificate authority is still allowed to issue these certificates for your domain, since `issue` does not cover them.\n"
1123
+
"If your are using the Automatic Certificate Management Environment (ACME) standard and your certificate authority supports it, we recommend you to use the parameters `validationmethods` and `accounturi` to further restrict isssuance by the authorised certificate authority. Furthermore, it is recommended to add `issuewild`, `issuemail` and `issuevmc` with an empty `;` if you do not use wildcard, S/MIME and/or BIMI certificates respectively. Otherwise, any certificate authority is still allowed to issue these certificates for your domain, since `issue` does not cover them.\n"
1124
1124
"\n"
1125
1125
"We expect URLs in `iodef` to be secure (i.e. use HTTPS scheme).\n"
1126
1126
"Furthermore, to prevent suppression or spoofing of CAA records we strongly recommend you to use DNSSEC, although this CAA test does not specifically test for DNSSEC.\n"
@@ -2034,7 +2034,7 @@ msgstr ""
2034
2034
2035
2035
msgid"detail tech data http-csp missing-invalid-frame-src"
2036
2036
msgstr""
2037
-
"Recommendation: 'frame-src' (or child-src' or 'default-src' as fallback) "
2037
+
"Recommendation: 'frame-src' (or 'child-src' or 'default-src' as fallback) "
2038
2038
"with sufficiently secure value should be defined (#3)."
2039
2039
2040
2040
msgid"detail tech data http-csp no-policy-found"
@@ -2678,13 +2678,13 @@ msgstr "All your web servers with an IPv6 address are reachable over IPv6."
2678
2678
2679
2679
msgid"detail web rpki exists exp"
2680
2680
msgstr""
2681
-
"We check if an RPKI Route Origin Authorization (ROA) has been published for all IP addresses of your web server.\n"
2681
+
"We check if an RPKI Route Origin Authorisation (ROA) has been published for all IP addresses of your web server.\n"
2682
2682
"\n"
2683
2683
"Your hoster (or its network provider) announces through the Border Gateway Protocol (BGP) for which of its IP address blocks it accepts incoming Internet traffic. Other network providers use these route announcements to determine via which route to send traffic for your server's IP addresses.\n"
2684
2684
"\n"
2685
2685
"However, a route announcement can be faked. In fact, another network provider may be able to connect the IP address block of your IP address to its network and thus potentially receive Internet traffic that is actually intended for your network provider. The cause may be accidental or malicious. In either case, this can result in your server becoming unreachable or in Internet traffic to your server being intercepted.\n"
2686
2686
"\n"
2687
-
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorization (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
2687
+
"Resource Public Key Infrastructure (RPKI) significantly improves protection against this. With RPKI, the rightful holder of a block of IP addresses can publish a digitally signed statement with route authorisation (Route Origin Authorisation; ROA for short). Another network provider that wants to send Internet traffic to a particular IP address, can use the corresponding statement to filter out `Invalid` routes. In this way, the network provider prevents Internet traffic from its network from being sent to unauthorized provider networks."
2688
2688
2689
2689
msgid"detail web rpki exists label"
2690
2690
msgstr"Route Origin Authorisation existence"
@@ -2784,9 +2784,9 @@ msgstr ""
2784
2784
"The domain were the applicable CAA records are found is shown in the table with technical details below.\n"
2785
2785
"\n"
2786
2786
"The verdict is good if one or more CAA records were found that all have correct syntax, and at least one of these CAA records has the `issue` tag with a valid value.\n"
2787
-
"In all other cases, the test will result in a fail. It is not checked whether the certificate authority of the current certificate matches one or more of the `issue` and `issuewild` values, i.e., whether the current certificate could be reissued at this time.\n"
2787
+
"Otherwise, the test will result in a fail. It is not checked whether the certificate authority of the current certificate matches one or more of the `issue` and `issuewild` values, i.e., whether the current certificate could be reissued at this time.\n"
2788
2788
"\n"
2789
-
"If your are using the Automatic Certificate Management Environment (ACME) standard and your certificate authority supports it, we recommend you to use the parameters `validationmethods` and `accounturi` to further restrict isssuance by the authorised certificate authority. Furthermore, it is recommended to add `issuemail` and `issuevmc` with an empty `;` if you do not use certificates for S/MIME and/or BIMI respectively. Otherwise, any certificate authority is still allowed to issue these certificates for your domain, since `issue` does not cover them.\n"
2789
+
"If your are using the Automatic Certificate Management Environment (ACME) standard and your certificate authority supports it, we recommend you to use the parameters `validationmethods` and `accounturi` to further restrict isssuance by the authorised certificate authority. Furthermore, it is recommended to add `issuewild`, `issuemail` and `issuevmc` with an empty `;` if you do not use wildcard, S/MIME and/or BIMI certificates respectively. Otherwise, any certificate authority is still allowed to issue these certificates for your domain, since `issue` does not cover them.\n"
2790
2790
"\n"
2791
2791
"We expect URLs in `iodef` to be secure (i.e. use HTTPS scheme). \n"
2792
2792
"Furthermore, to prevent suppression or spoofing of CAA records we strongly recommend you to use DNSSEC, although this CAA test does not specifically test for DNSSEC.\n"
Copy file name to clipboardExpand all lines: translations/en/news.po
+79Lines changed: 79 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,7 @@ msgstr ""
4
4
5
5
msgid"article .index"
6
6
msgstr""
7
+
"release-1.10\n"
7
8
"release-1.9\n"
8
9
"release-1.8\n"
9
10
"release-1.7\n"
@@ -681,6 +682,84 @@ msgstr ""
681
682
msgid"article open-source-release title"
682
683
msgstr"Open source release Internet.nl including 'security headers'"
683
684
685
+
msgid"article release-1.10 body"
686
+
msgstr""
687
+
"## What is CAA?\n"
688
+
"Certification Authority Authorisation (CAA) allows you as a DNS domain name holder to specify one or more certification authorities authorised to issue certificates for your domain name. A certificate authority must not issue a certificate unless the certificate authority determines that the certificate request is consistent with the applicable CAA records.\n"
689
+
"\n"
690
+
"## Why is CAA important?\n"
691
+
"For the secure connection to your website or mail server, its certificate is crucial. If a malicious party is able to obtain a certificate for your domain name, it may be able to intercept sensitive data. By limiting the number of authorized certificate authorities, you reduce the risk of mis-issuance.\n"
692
+
"\n"
693
+
"## What does the CAA test in Internet.nl check for?\n"
694
+
"Internet.nl checks if the name servers of your tested domain or the domains of its mail servers (MX) contain one or more CAA records, that are all have correct syntax. At least one of these CAA records must have the `issue` tag. Otherwise, the test will result in a fail. It is not checked whether the certificate authority of the current TLS certificate matches one or more of the `issue` and `issuewild` values, i.e., whether the current certificate could be reissued at this time. Note that the result of the test currently does not weigh into the score.\n"
695
+
"\n"
696
+
"If your are using the Automatic Certificate Management Environment (ACME) standard and your certificate authority supports it, we recommend you to use the parameters `validationmethods` and `accounturi` to further restrict isssuance by the authorised certificate authority. Furthermore, it is recommended to add `issuewild`, `issuemail` and `issuevmc` with an empty `;` if you do not use wildcard, S/MIME and/or BIMI certificates respectively. Otherwise, any certificate authority is still allowed to issue these certificates for your domain, since `issue` does not cover them.\n"
697
+
"\n"
698
+
"## Upcoming release: new TLS guidelines\n"
699
+
"NCSC-NL recently published a new version of its TLS guidelines. The upcoming release of Internet.nl will use these updated guidelines as the baseline for the TLS test. We expect this new version of Internet.nl to go live around September/October 2025. \n"
700
+
"\n"
701
+
"## About Internet.nl\n"
702
+
"The test tool [Internet.nl](https://internet.nl) is an initiative of the Dutch Internet Standards Platform which is a collaboration of partners from the Internet community and the Dutch government. The aim of the platform is to jointly increase the use of modern Internet standards to make the Internet more accessible, safer and more reliable for everyone. The software code of Internet.nl is available under an open source license. \n"
703
+
"\n"
704
+
"---\n"
705
+
"\n"
706
+
"## Release notes 1.10.0\n"
707
+
"\n"
708
+
"### Feature changes\n"
709
+
"\n"
710
+
"- A test for CAA records was added for web and mail tests. This checks for the presence of one or more correctly\n"
711
+
" formatted CAA records, of which one must have an `issue` tag. This test is not required, i.e. does not affect scoring.\n"
712
+
"- The [sectxt](https://github.com/DigitalTrustCenter/sectxt) library, used for validating security.txt files, was updated from 0.9.4 to 0.9.7.\n"
713
+
" This includes:\n"
714
+
" - A new error if a PGP signed message ends with more than one newline, named `too_many_line_separators` ([sectxt/#78](https://github.com/DigitalTrustCenter/sectxt/issues/78)).\n"
715
+
" - Improved detection of repeated use of fields that must only occur once. Previously, these were not always detected ([sectxt/#83](https://github.com/DigitalTrustCenter/sectxt/issues/83)).\n"
716
+
" - Fixed an issue with checking signatures made with AEAD keys ([sectxt/#79](https://github.com/DigitalTrustCenter/sectxt/issues/79)).\n"
717
+
" - Fixed exception [for certain malformed PGP signatures](https://github.com/DigitalTrustCenter/sectxt/issues/85).\n"
718
+
"- The test date and time are now [included in the print CSS](https://github.com/internetstandards/Internet.nl/pull/1735).\n"
719
+
"\n"
720
+
"### Significant internal changes\n"
721
+
"\n"
722
+
"- The test code no longer interfaces with libunbound, but \n"
723
+
" [uses dnspython as a stub resolver](https://github.com/internetstandards/Internet.nl/pull/1578).\n"
724
+
"- Periodic tests [are no longer enabled by default](https://github.com/internetstandards/Internet.nl/pull/1628).\n"
725
+
"- UWSGI [cheaper](https://uwsgi-docs.readthedocs.io/en/latest/Cheaper.html) options are used to reduce idle processes and reduce memory consumption.\n"
726
+
"\n"
727
+
"### Possibly required changes to deployments\n"
728
+
"\n"
729
+
"- The `resolver-permissive` container was obsoleted and removed.\n"
730
+
"- Periodic tests will only run when [specifically enabled](https://github.com/internetstandards/Internet.nl/blob/main/documentation/Docker-deployment.md#periodic-tests)\n"
731
+
" with the CRON_15MIN_RUN_TESTS, TEST_DOMAINS_SITE and/or TEST_DOMAINS_MAIL settings.\n"
732
+
"- There is now support for running multiple instances per server, sharing a Routinator instance,\n"
733
+
" intended for acceptance testing.\n"
734
+
"\n"
735
+
"On upgrade from an earlier version, a\n"
736
+
"[change in networking setup](https://github.com/internetstandards/Internet.nl/pull/1688) requires\n"
737
+
"recreation of one of the Docker networks. Before deploy, bring down the entire environment and make sure the network is removed:\n"
0 commit comments