From fb66f8e30d302b7230d22112aebe2fcb4912c3f0 Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Mon, 22 Apr 2013 15:50:07 -0700
Subject: added "known problems" to the README

---
 README.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index 8a81dfb..7817c0e 100644
--- a/README.md
+++ b/README.md
@@ -21,6 +21,14 @@ For more information, see these files in the ``doc`` directory:
 * DEVELOP -- for developer notes.
 * CUSTOM -- how to customize.
 
+Known problems
+---------------------------
+
+* Client certificates are generated without a CSR. The problem is that this makes the web 
+application extremely vulnerable to denial of service attacks. This was not an issue until we 
+started to allow the possibility of anonymously fetching a client certificate without 
+authenticating first.
+
 Installation
 ---------------------------
 
@@ -75,4 +83,4 @@ To run all tests
 
 To run an individual test:
 
-    rake test TEST=certs/test/unit/client_certificate_test.rb
\ No newline at end of file
+    rake test TEST=certs/test/unit/client_certificate_test.rb
-- 
cgit v1.2.3