added "known problems" to the README

author: elijah <elijah@riseup.net> 2013-04-22 15:50:07 -0700
committer: elijah <elijah@riseup.net> 2013-04-22 15:50:07 -0700
commit: fb66f8e30d302b7230d22112aebe2fcb4912c3f0 (patch)
tree: 3adacdd85f925f66ae4cf27d079c32dcdd0f820e
parent: 8eced68213046145963ae27e6e9495b9d5458b98 (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/README.md b/README.md
index 8a81dfb..7817c0e 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,14 @@ For more information, see these files in the ``doc`` directory:
 * DEVELOP -- for developer notes.
 * CUSTOM -- how to customize.
 
+Known problems
+---------------------------
+
+* Client certificates are generated without a CSR. The problem is that this makes the web 
+application extremely vulnerable to denial of service attacks. This was not an issue until we 
+started to allow the possibility of anonymously fetching a client certificate without 
+authenticating first.
+
 Installation
 ---------------------------
 
@@ -75,4 +83,4 @@ To run all tests
 
 To run an individual test:
 
-    rake test TEST=certs/test/unit/client_certificate_test.rb
-\ No newline at end of file
+    rake test TEST=certs/test/unit/client_certificate_test.rb
author	elijah <elijah@riseup.net>	2013-04-22 15:50:07 -0700
committer	elijah <elijah@riseup.net>	2013-04-22 15:50:07 -0700
commit	fb66f8e30d302b7230d22112aebe2fcb4912c3f0 (patch)
tree	3adacdd85f925f66ae4cf27d079c32dcdd0f820e
parent	8eced68213046145963ae27e6e9495b9d5458b98 (diff)