Merge tag '0.5.3' into debian

0.5.3

1 files changed, 19 insertions, 2 deletions

diff --git a/README.md b/README.md
index 05ca21d..c5326c1 100644
--- a/README.md
+++ b/README.md
@@ -35,12 +35,17 @@ confirmation
 You can use the `--*-confirmed` options (e.g.`--comment-confirmed`) to add keys for which you want to be asked on each use through the filter.
 The confirmation is done in the same way as when you `ssh-add -c` a key to your `ssh-agent`, but the question will contain some additional information extracted from the sign request.
 
+These types of sign requests are dissected:
+* ssh connections
+* authentications with `libpam-ssh-agent-auth`
+* ssh certificates
+
 
 how it works
 ------------
 
-ssh-agent-filter provides a socket interface identical to that of a normal ssh-agent.
-We don't keep private key material, but delegate requests to the upstream ssh-agent after checking if the key is allowed.
+`ssh-agent-filter` provides a socket interface identical to that of a normal `ssh-agent`.
+We don't keep private key material, but delegate requests to the upstream `ssh-agent` after checking if the key is allowed.
 
 The following requests are implemented:
 * `SSH2_AGENTC_REQUEST_IDENTITIES`:
@@ -58,3 +63,15 @@ The following requests are implemented:
   * success is returned without doing anything
 
 Requests to add or remove keys and to (un)lock the agent are refused
+
+
+threat model
+------------
+
+We assume trusted:
+* the user invoking our software
+* the upstream ssh-agent
+* the user giving or declining confirmation
+
+We assume untrusted:
+* any connection from clients on our listening socket