Proper security statements in README #59
Conversation
README.md
Outdated
|
|
||
| ## 🥷 Your SSH3 server should not yet be made public | ||
|
|
||
| Given the current prototype state, we advise **testing SSH3 only on private networks**. Making experimental servers directly Internet-accessible could introduce risk before thorough security vetting. |
There was a problem hiding this comment.
What about rephrasing like this ?
Given the current prototype state, we advise testing SSH3 in sandboxed environments or private networks. Be aware that making experimental servers directly Internet-accessible could introduce risk before thorough security vetting.
I want users to be aware of the risks of deploying public instances for sure and there may exist unknown issues with the current implem. However, I think it might be quite acceptable to deploy it on test/sandbox instances, using secret link if needed. It may be prematurate for production use, but I want to encourage people that know about security to test and experiment with us.
README.md
Outdated
| @@ -29,7 +29,37 @@ Faster for session establishment, not throughput ! SSH3 offers a significantly f | |||
| <i>SSH3 (top) VS SSHv2 (bottom) session establishement with a 100ms ping towards the server.</i> | |||
| </p> | |||
|
|
|||
| ## 🔒 SSH3 is secure | |||
| ## ⚡ SSH3 is an experimental prototype | |||
There was a problem hiding this comment.
I would change the lightning emoji to: 🧪 and rephrase like this if you're okay:
🧪 SSH3 is still experimental
|
I would also like to refer Issue #57 in the README, by stating that if one has security questions, there is an open discussions with some answers there. Would you like to add that as well ? |
|
@francoismichel I agree, all your wording suggestions look better. I've committed these changes and credited you as the author. Shall we address the security questions in a separate pull request? I believe it would be worthwhile to add some information to the SECURITY.md file in the repository. |
There was a problem hiding this comment.
Maybe a last thing:
When looking at the global readme, these large sections disturb a bit the flow of the README: we talk about SSH3 features, then we say that it is experimental, then we ask for support and then we discuss security and then new features again.
Most of the added sections concern security and could be put inside the 🔒 SSH3 security section as subsections, so that when people have questions on security, they only have one section to look at. Doing so will also make the Security section appear earlier in the readme which is probably desirable.
So maybe let's re-organize it like that, if you're OK:
🔒 SSH3 security
[current text of the security section]
🧪 SSH3 is still experimental
[the text you wrote]
🥷 Do not deploy the SSH3 server on your production servers for now
[the text you wrote]
And maybe move the 🙏 Community support section between the 💐 SSH3 is already feature-rich and the Installing SSH3 section; like this:
💐 SSH3 is already feature-rich
[current text of the feature section]
🙏 Community support
[the text you wrote]
Installing SSH3
[...]
If you want, I can do the reorganization and let you cross-check, or you can do it if you prefer. :-)
And I think with that I am totally good! Thank you again !
README.md
Outdated
|
|
||
| Given the current prototype state, we advise *testing SSH3 in sandboxed environments or private networks*. Be aware that making experimental servers directly Internet-accessible could introduce risk before thorough security vetting. | ||
|
|
||
| While [hidding](#-your-ssh3-public-server-can-be-hidden) servers behind secret paths has potential benefits, it |
README.md
Outdated
| public launch. We are excited by SSH3's future possibilities but | ||
| encourage additional scrutiny first. | ||
|
|
||
| ## 🙏 Community support needed |
There was a problem hiding this comment.
I would just call it 🙏 Community support which, to me, looks more like classical community-oriented repos
|
Can we proceed with the changes proposed in this PR and comments? I feel this would add to the README and as such is good to merge sometime soon :) |
|
Updated the code, please recheck if all proposed changes done right and the merge is correct. |
francoismichel
force-pushed
the
patch-1
branch
from
ade1d11
to
74a8937
Compare
Co-authored-by: Maxime Piraux <maxime.piraux@uclouvain.be>
francoismichel
force-pushed
the
patch-1
branch
from
74a8937
to
4e36b20
Compare
|
Rebased your branch with main and then merged in 9259245, thank you very much for the work ! |
This PR proposes adding more measured language around SSH3's current security status. Making absolute security claims about an early prototype could be misleading without extensive analysis and review over time.
To build community trust and encourage assistance accelerating SSH3's secure development, I've updated the messaging to:
I believe positioning SSH3's security more conservatively for now is prudent. It still shows intriguing promise improving on SSH2, but overstating protections too early can risk credibility and user security if vulnerabilities emerge later.
By being upfront about limitations and the need for review, my aim is to facilitate open community engagement accelerating SSH3 towards safe production readiness. I welcome any feedback, and hope these README updates might encourage capable security researchers to help validate and strengthen SSH3 moving forward!