From 87f8eefc7ddbf1455e256574ddfe62d58ee6f501 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sat, 13 Jan 2024 08:33:10 +0000
Subject: [PATCH] Add more reference links

---
 about.xhtml | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/about.xhtml b/about.xhtml
index cdfeddf..cdceb11 100644
--- a/about.xhtml
+++ b/about.xhtml
@@ -1,7 +1,7 @@
 <!DOCTYPE html>
 
 <!-- Inferencium - Website - About -->
-<!-- Version: 7.0.0-alpha.9 -->
+<!-- Version: 7.0.0-alpha.10 -->
 
 <!-- Copyright 2022 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@@ -206,10 +206,12 @@
 														<li>All server logs purged every 14 days</li>
 														<li>User IP addresses used only for security and debugging
 														purposes (purged along with logs)</li>
-														<li>All connections made via TLS 1.3 (TLS 1.2 and older are
-														unsupported) to ensure the most secure AEAD ciphers are used,
-														along with forward secrecy (each connection uses a different key
-														to previous connections)</li>
+														<li>All connections made via
+														<a href="https://wikipedia.org/wiki/Transport_Layer_Security#TLS_1.3">TLS 1.3</a>
+														only to ensure the most secure
+														<a href="https://wikipedia.org/wiki/Authenticated_encryption">AEAD</a>
+														ciphers are used, along with
+														<a href="https://wikipedia.org/wiki/Forward_secrecy">forward secrecy</a></li>
 														<li>All connections made via high-security AEAD ciphers,
 														preferring AES-256-GCM for devices with AES
 														hardware-acceleration, and ChaCha20-Poly1305 for devices without
@@ -220,17 +222,22 @@
 														protocols, preferring X25519, with secp256r1 as a fallback
 														(secp256r1 is mandated for TLS 1.3 by
 														<a href="https://datatracker.ietf.org/doc.html/rfc8446#section-9.1">IETF RFC8446 section 9.1</a>)</li>
-														<li>DNSSEC implemented to provide a root-of-trust for encryption
-														and authentication for domain and server configuration</li>
-														<li>Certificate Authority Authorization (CAA) records enabled to
-														prevent all certificate authorities other than Let's Encrypt
-														from issuing TLS certificates for my domains</li>
-														<li>Secure Shell fingerprint (SSHFP) records enabled to provide
-														a DNS-based root-of-trust for SSH connections to my domains</li>
+														<li><a href="https://wikipedia.org/wiki/Domain_Name_System_Security_Extensions">Domain Name System Security Extensions (DNSSEC)</a>
+														enabled to provide a root-of-trust for encryption and
+														authentication for domain and server configuration</li>
+														<li><a href="https://wikipedia.org/wiki/DNS_Certification_Authority_Authorization">Certificate Authority Authorization (CAA)</a>
+														records enabled to prevent all certificate authorities other
+														than
+														<a href="https://letsencrypt.org/">Let's Encrypt</a> from
+														issuing TLS certificates for my domains</li>
+														<li><a href="https://wikipedia.org/wiki/SSHFP_record">Secure Shell fingerprint (SSHFP)</a>
+														records enabled to provide a DNS-based root-of-trust for SSH
+														connections to my domains</li>
 														<li>Referrer headers disabled to prevent knowing where a user
 														was redirected from</li>
 														<li>All content sourced from my own domains, with third-party
-														content prohibited via Content Security Policy
+														content prohibited via
+														<a href="https://wikipedia.org/wiki/Content_Security_Policy">Content Security Policy</a>
 														configuration</li>
 														<li>All servers physically under my control (no VPS or other
 														hosting providers)</li>