diff --git a/README.rst b/README.rst index 48975cd..148cd55 100644 --- a/README.rst +++ b/README.rst @@ -5,10 +5,20 @@ sshd implementation in Go, for the sole purpose of restricting the ports that clients can request using direct-tcpip and tcpip-forward / forwarded-tcpip. OpenSSH so far refuses to merge patches to support this, but there is a fork of -OpenSSH with patches that achieve something similar to this. [1] +OpenSSH with patches that achieve something similar to this. [1]_ +You might like this server if: -[1] https://github.com/antonyantony/openssh +* You want to limit the addresses/ports clients can listen to and/or connect + to, something OpenSSH only implement for `direct-tcpip`, not for + `forwarded-tcpip`. +* You want to support a lot of clients without having to fork() for every + client. +* You want to use a ssh server written in a memory safe language, which + doesn't depend on OpenSSL or similar libraries. + + +.. [1] https://github.com/antonyantony/openssh authorized_keys format ====================== @@ -31,8 +41,20 @@ capability on the resulting binary: setcap 'cap_net_bind_service=+ep' go-sshd +In combination with the `forwarded-tcpip` feature this might allow processes to +listen to priviledged ports, so be careful. + Init script =========== There is an init script for gentoo/alpine (OpenRC) users. SSHD_LISTEN needs to be set in /etc/conf.d/go-sshd and the init-script goes in /etc/init.d/go-sshd + +Known issues / TODO +=================== + +* The current remoteports= and localports= syntax only supports single ports. It + might make sense to support ranges of ports, and also support host-port + combinations. +* USR1 is not available on Windows, but otherwise the SSH server works fine on + Windows (just comment out the signal-related parts) diff --git a/TODO b/TODO deleted file mode 100644 index f79556e..0000000 --- a/TODO +++ /dev/null 
@@ -1,9 +0,0 @@ -* Make sure to not run this as root (setuid doesn't work well), so use NET capabilities -* Allow limiting the hosts that one can connect to use direct-tcpip (right now - all hosts are allowed) -* Allow lifting restrictions on what clients can bind on with forwarded-tcpip - -* Check assertions and TODOs. -* Look if/where we want to set deadlines on open sockets -* Go through all log.Println calls, and make sure they are unique(?) and - sensible, and are not too verbose, and/or hidden behind *verbose
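Review bot: wording in the new "You might like this server if" list (README hunk @@ -5,10 +5,20): `something OpenSSH only implement for` should be `implements`, `a ssh server` should be `an SSH server`, and a port is listened *on*, not *to*. The first bullet also overstates current behaviour: it claims the server limits the addresses clients can connect to, yet the TODO being deleted in the same commit says "right now all hosts are allowed" for direct-tcpip, and the new Known issues section only lists host-port combinations as future work. Suggest rewording that bullet to "limit the ports clients can listen on and/or connect to" until host restrictions exist, and naming the option that enforces it (the `remoteports=` / `localports=` syntax mentioned later in the README) so a reader can find the knob.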
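Review bot: typo `priviledged` in the new setcap caveat (README hunk @@ -31,8 +41,20); and the caveat is too vague for the risk it describes. With `cap_net_bind_service=+ep` on the binary, any authenticated client whose key is allowed to request `forwarded-tcpip` can make the server bind a port below 1024, so the text should state that the `remoteports=` restriction in authorized_keys is what bounds this, and that keys for untrusted clients should be limited to unprivileged ports before the capability is granted. In the Known issues section, "just comment out the signal-related parts" for Windows is a fragile instruction; suggest noting it as a TODO to gate the USR1 handling behind a build tag instead.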
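Review bot: the TODO file deletion drops items that are not carried over into the new "Known issues / TODO" README section and are not mentioned as resolved anywhere in the patch: "Look if/where we want to set deadlines on open sockets", "Go through all log.Println calls ...", "Allow lifting restrictions on what clients can bind on with forwarded-tcpip", and "Check assertions and TODOs". The socket-deadline item is the security-relevant one (without deadlines an idle forwarded connection can hold a goroutine and file descriptor indefinitely); either migrate these bullets into the README section or state in the commit message that they were done.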