-
Notifications
You must be signed in to change notification settings - Fork 79
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Proper security statements in README #59
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you so much for the PR !
I've made a few comments, let me know if you're okay with it, and if you're not, let's iterate on it.
README.md
Outdated
|
||
## 🥷 Your SSH3 server should not yet be made public | ||
|
||
Given the current prototype state, we advise **testing SSH3 only on private networks**. Making experimental servers directly Internet-accessible could introduce risk before thorough security vetting. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What about rephrasing like this ?
Given the current prototype state, we advise testing SSH3 in sandboxed environments or private networks. Be aware that making experimental servers directly Internet-accessible could introduce risk before thorough security vetting.
I want users to be aware of the risks of deploying public instances for sure and there may exist unknown issues with the current implem. However, I think it might be quite acceptable to deploy it on test/sandbox instances, using secret link if needed. It may be prematurate for production use, but I want to encourage people that know about security to test and experiment with us.
README.md
Outdated
@@ -29,7 +29,37 @@ Faster for session establishment, not throughput ! SSH3 offers a significantly f | |||
<i>SSH3 (top) VS SSHv2 (bottom) session establishement with a 100ms ping towards the server.</i> | |||
</p> | |||
|
|||
## 🔒 SSH3 is secure | |||
## ⚡ SSH3 is an experimental prototype |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would change the lightning emoji to: 🧪 and rephrase like this if you're okay:
🧪 SSH3 is still experimental
I would also like to refer Issue #57 in the README, by stating that if one has security questions, there is an open discussions with some answers there. Would you like to add that as well ? |
@francoismichel I agree, all your wording suggestions look better. I've committed these changes and credited you as the author. Shall we address the security questions in a separate pull request? I believe it would be worthwhile to add some information to the SECURITY.md file in the repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe a last thing:
When looking at the global readme, these large sections disturb a bit the flow of the README: we talk about SSH3 features, then we say that it is experimental, then we ask for support and then we discuss security and then new features again.
Most of the added sections concern security and could be put inside the 🔒 SSH3 security
section as subsections, so that when people have questions on security, they only have one section to look at. Doing so will also make the Security section appear earlier in the readme which is probably desirable.
So maybe let's re-organize it like that, if you're OK:
🔒 SSH3 security
[current text of the security section]
🧪 SSH3 is still experimental
[the text you wrote]
🥷 Do not deploy the SSH3 server on your production servers for now
[the text you wrote]
And maybe move the 🙏 Community support
section between the 💐 SSH3 is already feature-rich
and the Installing SSH3
section; like this:
💐 SSH3 is already feature-rich
[current text of the feature section]
🙏 Community support
[the text you wrote]
Installing SSH3
[...]
If you want, I can do the reorganization and let you cross-check, or you can do it if you prefer. :-)
And I think with that I am totally good! Thank you again !
README.md
Outdated
|
||
Given the current prototype state, we advise *testing SSH3 in sandboxed environments or private networks*. Be aware that making experimental servers directly Internet-accessible could introduce risk before thorough security vetting. | ||
|
||
While [hidding](#-your-ssh3-public-server-can-be-hidden) servers behind secret paths has potential benefits, it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hidding->hiding
README.md
Outdated
public launch. We are excited by SSH3's future possibilities but | ||
encourage additional scrutiny first. | ||
|
||
## 🙏 Community support needed |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would just call it 🙏 Community support
which, to me, looks more like classical community-oriented repos
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like the tone of the new statements. I have a minor suggestion but I don't feel to strongly about it.
Can we proceed with the changes proposed in this PR and comments? I feel this would add to the README and as such is good to merge sometime soon :) |
Updated the code, please recheck if all proposed changes done right and the merge is correct. |
ade1d11
to
74a8937
Compare
Co-authored-by: Maxime Piraux <maxime.piraux@uclouvain.be>
74a8937
to
4e36b20
Compare
Rebased your branch with main and then merged in 9259245, thank you very much for the work ! |
This PR proposes adding more measured language around SSH3's current security status. Making absolute security claims about an early prototype could be misleading without extensive analysis and review over time.
To build community trust and encourage assistance accelerating SSH3's secure development, I've updated the messaging to:
I believe positioning SSH3's security more conservatively for now is prudent. It still shows intriguing promise improving on SSH2, but overstating protections too early can risk credibility and user security if vulnerabilities emerge later.
By being upfront about limitations and the need for review, my aim is to facilitate open community engagement accelerating SSH3 towards safe production readiness. I welcome any feedback, and hope these README updates might encourage capable security researchers to help validate and strengthen SSH3 moving forward!