A Python port of the Invisible Internet Project (I2P)

Security Policy

Supported Versions

Version | Supported
0.x     | Yes

Reporting a Vulnerability

Do not open a public issue for security vulnerabilities.

Email security reports to: security@bimo.studio

Include:

  • Description of the vulnerability
  • Steps to reproduce
  • Affected component (crypto, transport, SAM, router, etc.)
  • Impact assessment if known

We will acknowledge receipt within 48 hours and provide an initial assessment within 7 days.

Scope

This project implements cryptographic protocols (AES-256-CBC, ChaCha20-Poly1305, Ed25519, X25519, ElGamal, Noise XK) and anonymous network transports (NTCP2, SSU2). Security issues in any of these components are considered critical.

Areas of particular interest:

  • Timing side channels in crypto operations
  • Nonce reuse or overflow in stream ciphers
  • Key material exposure in memory or logs
  • Authentication bypass in the SAM bridge
  • Deanonymization vectors in tunnel construction

Disclosure Policy

We follow coordinated disclosure. We will:

  1. Confirm the vulnerability
  2. Develop and test a fix
  3. Release a patched version
  4. Credit the reporter (unless anonymity is requested)

We aim to release fixes within 30 days of confirmation.