Update readme

README.md

@@ -276,7 +276,52 @@ Compatibility
 
 Tested with ejabberd and mongooseim.
 
+Security Considerations
+-----------------------
+
+[libstrophe](https://github.com/strophe/libstrophe.git) does not verify
+the TLS server certificates. Sessions can be MITM'ed.
+
+libstrophe has support for TLS certificate verification on a
+[branch](https://github.com/strophe/libstrophe/tree/tls-cert).
+
+[libmesode](https://github.com/boothj5/libmesode.git) supports TLS
+certificate verification.
+
+License
+-------
+
+Copyright (c) 2015-2016, Michael Santos <michael.santos@gmail.com>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
 TODO
 ----
 
-* TLS support
+* Support TLS certificate verification
+
+  Switch to using [libmesode](https://github.com/boothj5/libmesode)
+
+* support [XEP-0384: OMEMO Encryption](https://xmpp.org/extensions/xep-0384.html)
+
+* sandbox
+
+  After connecting to the XMPP server, xmppipe reads from stdin, writes
+  to stdout and read/writes from the network socket.
+
+  Drop additional capabilities using OS-specific sandboxes:
+
+  * OpenBSD: pledge(2)
+  * Linux: BPF syscall filtering using prctl(2) or seccomp(2)
+  * FreeBSD: capabilities using capsicum(4)
+  * any: setrlimit(2)