-@itemize @bullet
-@item Compromising of passphrase files on either server or client side
-allows attacker to masquerade himself a client.
-@item To prevent compromising of keys on the client side, one needs some
-kind of passphrase protected secure storage (like either PGP with
-decryption to the memory, or full-disk encryption).
-@end itemize
-
-Overall security on the client side is concentrated in passphrase
-(high-entropy password), so it is convenient to use it in GoVPN
-directly, without static on-disk keys. That is why we use passphrase
-authenticated key agreement.