From 7fc8dd7ea936f451a399f2d2437831e3643aa2fa Mon Sep 17 00:00:00 2001 From: Henry Case Date: Thu, 7 Jan 2021 23:57:00 +0000 Subject: [PATCH] Create README.md --- README.md | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..289a4ba --- /dev/null +++ b/README.md @@ -0,0 +1,7 @@ +# OPTEE OpenSSL ENGINE for TLS + +Typically, a TLS server uses a X509 Certificate and associated Private Key in order to sign TLS session. Both certificate and private key used for +signing the certificate form a asymmetric cryptographic key-pair. Revealing the traffic-private-key makes it possible to perform men-in-the-middle +type of attacks. Typically private-key is stored on the server’s hard disk. Even if it is stored in encrypted form, at some point HTTPS server +needs to have a possibility to decrypt it in order to use for signing. It means that at runtime the key in plaintext will be available in a memory +of a HTTPS process. In case of software errors (see [Heartbleed](https://heartbleed.com/).
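Review bot: The last added line of README.md ends on an unfinished sentence, "In case of software errors (see [Heartbleed](https://heartbleed.com/)." It has no main clause, so the README never states what happens to the in-memory plaintext key when such an error occurs. It also stops before it mentions OP-TEE or the engine named in the heading. Suggest completing that sentence and adding a short paragraph saying what the engine does with the private key and how that addresses the exposure described. Two wording points in the same paragraph: "Both certificate and private key used for signing the certificate form a asymmetric cryptographic key-pair" should say that the public key in the certificate and the private key form the pair, and that the key signs the TLS handshake rather than the certificate; "traffic-private-key" is not defined anywhere and "men-in-the-middle" should read "man-in-the-middle".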