updates.

[silc.git] / doc / draft-riikonen-silc-ke-auth-02.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-02.nroff b/doc/draft-riikonen-silc-ke-auth-02.nroff
index 0a63644baaccef54a6b2a35b1d572b2d1622bb6c..56f3d0bdd2193017b1dde412b1ab5adc8bf43d22 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-02.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-02.nroff
@@ -402,6 +402,15 @@ two SILC clients.  In normal case, where client is connecting to the
 server or server is connecting to the router the Mutual Authentication
 flag is not necessary.
 
 server or server is connecting to the router the Mutual Authentication
 flag is not necessary.
 

+When performing re-key with PFS selected this is the only payload that
+is sent in the SKE protocol.  The Key Exchange Start Payload is not sent
+at all.  However, this payload does not have all the fields present.
+In re-key with PFS the public key and a possible signature data should
+not be present.  If they are present they must be ignored.  The only
+field that is present is the public data that is used to create the
+new key material.  In the re-key the Mutual Authentication flag must
+also be ignored.
+

 This payload is sent inside SILC_PACKET_KEY_EXCHANGE_1 and inside
 SILC_PACKET_KEY_EXCHANGE_2 packet types.  The initiator uses the 
 SILC_PACKET_KEY_EXCHANGE_1 and the responder the latter.
 This payload is sent inside SILC_PACKET_KEY_EXCHANGE_1 and inside
 SILC_PACKET_KEY_EXCHANGE_2 packet types.  The initiator uses the 
 SILC_PACKET_KEY_EXCHANGE_1 and the responder the latter.