diff --git a/src/lib/transport/Connection.mjs b/src/lib/transport/Connection.mjs index 70c5253..6bc389b 100644 --- a/src/lib/transport/Connection.mjs +++ b/src/lib/transport/Connection.mjs @@ -177,6 +177,9 @@ class Connection extends EventEmitter { // TODO: Consider anonymous TLS, with jpake for mututal authentication // TODO: Consider https://devdocs.io/node/crypto#crypto.createCipheriv() - which lets us use any openssl ciphers we like - e.g. ChaCha20-Poly1305 + + // TODO: We're currently vulnerable to a replay attack. We need to mitigate this somehow. + let payload = JSON.stringify({ event, message }); payload = encrypt_bytes( this.session_key,
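Review bot: The added TODO names a replay weakness but does not say what makes it possible or what would close it, so it is hard to act on or to track. In the context lines below it the payload is built as `JSON.stringify({ event, message })` with no counter, nonce or timestamp visible, so an identical ciphertext would presumably be accepted a second time; whether `encrypt_bytes` authenticates the ciphertext cannot be seen from this hunk. I would reword the comment along the lines of `// TODO(security): payload carries no per-message sequence number, so a replayed frame is indistinguishable from a fresh one; include a monotonic counter under authenticated encryption and reject stale or duplicate values on receive`. The enclosing method starts and ends outside the hunk, so the receive side should be checked for the matching gap.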