document library scope: connection continuity vs out-of-scope client concerns #61
Merged
…concerns Add a Scope section to the README that states the project is a tunnel encryption library, not a VPN client. It lists what the library provides for connection continuity (authenticated roaming, reliable handshake, rekey/resumption/idle reaping) and what stays the integrating application's responsibility (reconnect after a full disconnect, DNS leak prevention, kill-switch, TUN device and system routing). Each boundary is a flat statement of what the library does not do, not instructions on how to build leak protection. The wording avoids guarantee words (no "leak-proof", no "secures"), states that it describes the software rather than security or legal advice, and points at the MIT as-is, no-warranty terms.
6f8402a to 45be4e6
Adds a Scope section to the README making the library/VPN-client boundary explicit, worded for legal clarity.
Why: the library encrypts and authenticates bytes over a net.Conn/UDP socket and stays below system network config. Readers evaluating it for a leak-proof VPN should know what it does and does not cover - without the README itself making guarantees or giving security advice.
What the library gives you (connection continuity): authenticated roaming (a session can survive NAT rebind / network switch via connection-index demux), reliable handshake retransmission, rekey / resumption / idle reaping.
Outside scope (the client's responsibility): reconnect after a full disconnect, DNS leak prevention, kill-switch, TUN device + system routing - each stated as a flat "the library does not do X", not as how-to instructions.
Legal-clarity wording: no guarantee words (dropped "leak-proof" and "secures"); each out-of-scope item is a boundary, not advice; an explicit note that the text describes the software, not security or legal advice, under the MIT as-is / no-warranty terms.
Docs-only, no code change.