--- /dev/null
+@node FAQ
+@unnumbered Frequently Asked Questions
+
+@table @asis
+
+@item Why do not you use TLS?
+It is complicated protocol. It uses Authenticate-then-Encrypt ordering
+of algorithms -- it is not secure. Moreover its libraries are huge and
+hard to read, review and analyze.
+
+@item Why do not you use SSH?
+Its first protocol versions used A-a-E ordering, however later ones
+supports even ChaCha20-Poly1305 algorithms. But its source code is not
+so trivial and rather big to read and review. OpenSSH does not support
+strong zero-knowledge password authentication.
+
+@item Why do not you use IPsec?
+It is rather good protocol, supported by all modern OSes. But it lacks
+strong zero-knowledge password authentication and, again, its code is
+hard to read.
+
+@item Why do not you use XXX?
+For the same reasons: most of software do not provide strong password
+authentication, high cryptographic protocol security, and most of this
+software is written in C -- it is hard to write right on it.
+
+@item Why GoVPN is written on Go?
+Go is very easy to read, review and support. It makes complex code
+writing a harder task. It provides everything needed to the C language:
+array bounds checking, garbage collection and concurrency primitives. It
+provides lesser performance (however my setup on the notebook gives more
+than 750 Mbps of throughput), but higher reliability and much fewer
+lines of code.
+
+@item Why do you authenticate with passphrases?
+Human is capable of memorizing rather long passphrases (not passwords):
+100-200 characters, that gives ability to use it as a high-entropy key.
+You need to trust only yourself, not hardware token or some other
+storage device. It is convenient.
+
+@item Why all network configuration must be done manually?
+Because there are so many use-cases and setups, so many various
+protocols, that either I support all of them, or use complicated
+protocol setups like PPP, or just give right of the choice to the
+administrator. VPN is only just a layer.
+
+@item Why there is no either OS X or Windows support?
+Any closed source proprietary systems do not give ability to control the
+computer. You can not securely use cryptography-related stuff without
+controlling the underlying computing device. Choose another operating
+system.
+
+@item What do you mean by perfect forward secrecy?
+You can not decrypt previously saved traffic by compromising long-lived
+keys. PFS property is per-session level: it won't protect from leaking
+the session key from the memory.
+
+@item What do you mean by saying that clients are anonymous?
+That third-party can not differentiate one client from another looking
+at the traffic (transport and handshake).
+
+@item What do you mean by censorship resistance?
+Unability to distinguish either is it GoVPN-traffic is passing by, or
+just @code{cat /dev/urandom | nc somehost}. If you can not differentiate
+one kind of traffic from another, then your only option is to forbid all
+kinds of it.
+
+@item When should I use @ref{Noise, noise} option?
+In most cases you won't need it without @ref{CPR, constant packer rate}
+turned on. Without CPR and noise options GoVPN traffic (like TLS, IPsec,
+SSH and other VPN protocols) leaks underlying interface's packets
+timestamps and sizes. You can run traffic analysis and predict what is
+going on in the network. With CPR option enabled you can tell either
+somebody is online, or not -- nothing less, nothing more.
+
+@item Can I DoS (denial of service) the daemon?
+Each transport packet is authenticated first with the very fast UMAC
+algorithm -- in most cases resource consumption of TCP/UDP layers will
+be higher then UMAC verifying. Each handshake message is processed only
+when an encrypted client's @ref{Identity, identity} is found: it uses
+fast PRP without any entropy usage.
+
+@end table