diff --git a/subrosa_analysis.md b/subrosa_analysis.md
new file mode 100644
index 0000000..383acea
--- /dev/null
+++ b/subrosa_analysis.md
@@ -0,0 +1,30 @@
+# Sub Rosa Analysis 
+Once you have a fully-working client and server for encrypted chat, let's
+analyze potential vulnerabilities of the system. Answer the following
+questions in `subrosa_analysis.md`.
+
+1. When you interact with the server at `https://subrosa.makingwithcode.org`,
+   you have no way of knowing what code is running. If the people running
+   the server are dishonest, is it possible for them to read your encrypted
+   messages? If so, explain how. If not, explain why not.
+
+
+2. Is it possible to impersonate another user, sending messages in their name?
+   If so, explain how--or demonstrate this with code. If not, explain why not.
+
+
+3. You can use a signature (a message and its encrypted version) to prove you
+   have a private key, without sharing the key itself. After you send someone
+   a signature, what stops them from using the same signature to later
+   impersonate you?
+
+
+4. On most websites, you can reset your password if you forget it, via a link
+   sent to your email or a code sent to your phone. If you lose your private
+   key, would it be possible to recover your messages?
+
+
+5. Even if you can't read other peoples' messages, you can see the sender and the
+   recipient for each message. Is this a big deal? Could the server be redesigned
+   so that the sender and the recipient are also encrypted?
+