francoismichel / ssh3

SSH3: faster and rich secure shell using HTTP/3, check out our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
Apache License 2.0

Proper security statements in README #59

Closed ei-grad closed 5 months ago

ei-grad commented 6 months ago

This PR proposes adding more measured language around SSH3's current security status. Making absolute security claims about an early prototype could be misleading without extensive analysis and review over time.

To build community trust and encourage assistance accelerating SSH3's secure development, I've updated the messaging to:

I believe positioning SSH3's security more conservatively for now is prudent. It still shows intriguing promise improving on SSH2, but overstating protections too early can risk credibility and user security if vulnerabilities emerge later.

By being upfront about limitations and the need for review, my aim is to facilitate open community engagement accelerating SSH3 towards safe production readiness. I welcome any feedback, and hope these README updates might encourage capable security researchers to help validate and strengthen SSH3 moving forward!

francoismichel commented 6 months ago

I would also like to refer to Issue #57 in the README, by stating that if one has security questions, there is an open discussion with some answers there. Would you like to add that as well?

ei-grad commented 6 months ago

@francoismichel I agree, all your wording suggestions look better. I've committed these changes and credited you as the author. Shall we address the security questions in a separate pull request? I believe it would be worthwhile to add some information to the SECURITY.md file in the repository.

mpiraux commented 6 months ago

Can we proceed with the changes proposed in this PR and comments? I feel this would add to the README and as such is good to merge sometime soon :)

ei-grad commented 6 months ago

Updated the code, please recheck whether all proposed changes were done right and the merge is correct.

francoismichel commented 5 months ago

Rebased your branch with main and then merged in 9259245, thank you very much for the work!