Do NOT open a public issue for security vulnerabilities.

Instead, please report via one of:

1. GitHub Security Advisories: https://github.com/igorls/meshguard/security/advisories/new
2. Email: Contact the maintainer directly

• Description of the vulnerability
• Steps to reproduce
• Affected versions
• Potential impact

• Acknowledgment: within 48 hours
• Initial assessment: within 7 days
• Fix timeline: depends on severity (critical: 7 days, medium: 30 days)

• ChaCha20-Poly1305 encryption (WireGuard-compatible)
• Ed25519 identity keys
• Noise_IKpsk2 handshake with anti-replay
• Decentralized trust (no central authority)
• Org PKI for fleet trust
• Key rotation every 120 seconds

See docs/concepts/security.md for full security model documentation.