For a private mesh between trusted nodes (your use case), FIPS is solid. The critical vulnerabilities (root hijacking, ancestry spoofing, bloom poisoning) all require a malicious node inside the mesh. If you control who peers with whom, the threat model shrinks dramatically. For a public, permissionless mesh — which is the stated long-term goal — items 1, 2, 4, and 6 need to be solved before it's safe.

Gist

security audit of FIPS

security audit of FIPS. GitHub Gist: instantly share code, notes, and snippets.