mirror of
https://github.com/XRPLF/rippled.git
synced 2026-06-02 16:26:48 +00:00
Document the threat model and chosen hardening approach for the OTel pipeline: mTLS to the collector as primary defense (across-network deployment), NetworkPolicy as defense-in-depth, and source-side validation plus per-peer rate limiting for protocol::TraceContext on peer messages. Skips Basic Auth (wrong shape for multi-operator fleet) and HTTP-gateway header stripping (rippled is P2P).

Wires the new doc into the master plan ToC, mermaid diagram, and body section, plus cross-refs from the privacy section in 02-design-decisions.md and the collector config in 05-configuration-reference.md so readers reach it from natural in-context entry points. Adds a backlink at the top of secure-OTel.md to the master plan.

Adds 'exfiltration' and 'htpasswd' to cspell dictionary.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>