From 4f3054a36473a893c976b2b2034e0c91963a669a Mon Sep 17 00:00:00 2001
From: Gavin Birch <13985253+gavinly@users.noreply.github.com>
Date: Thu, 2 Jun 2022 13:46:45 -0400
Subject: [PATCH] Update security.md (#1)

proofread--great work! i've proposed some minor formatting changes and a few minor edits
i personally would feel fine showing this to Connext team, Bware, p2p, but lmk what you need/want to help get it where you want it
---
 security.md | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/security.md b/security.md
index c03c085..149a998 100644
--- a/security.md
+++ b/security.md
@@ -2,7 +2,9 @@
 
 (starting doc: https://connext.academy/routers/how-to-improve-router-security-by-p2p/)
 
-**include a blurb about why security is important for the router and also the network as a whole, eg: the better the collective security...**
+**include a blurb about why security is important for the router operator and also the network as a whole, eg: the better the collective security...**
+
+**include a blurb about Knowable's strategy, eg: we run our router assuming that our Router operator machine will be compromised"
 
 ***
 ## Unexpected Docker/UFW Interaction -- Securing the Router's API Endpoint
@@ -38,9 +40,9 @@ Restart Docker-Compose after making the change. The endpoint should now only be
 ***
 ## Admin Token Best Practices
 
-**Check: is REST API still implemented in Amarok? Doc page seems to have been removed**
+***[To verify: is REST API still implemented in Amarok? Doc page seems to have been removed]***
 
-Each router has an **Admin Token** which is a string chosen by the operator and set in its `config.json`.
+Each Router has an **Admin Token**, which is a string chosen by the operator and set in its `config.json`.
 
 The Admin Token is used to authenticate requests made to the Router's REST API endpoint and must be kept secret.
 
@@ -88,7 +90,7 @@ Please be aware that each Router's **Recipient** and **Owner** addresses can be
 ***
 ## Protecting Your Router's Private Key
 
-**A little more research needed: any specific problems (eg: griefing, double spend) either for individual operator or network/users that result from a compromised router colluding with a user? Or is it just best practices?**
+**A little more research needed: any specific problems (eg: griefing, double spend) either for individual operator or network/users that result from a compromised Router colluding with a user? Or is it just best practices?**
 
 Avoid operating your Router with your private key or mnemonic stored in plaintext. While it's possible to use a mnemonic in `config.json` or stored unencrypted in a `key.yml` file (as in `key.example.yml`), these should be considered for testing purposes only.