Added tutorials.

[crypto.git] / doc / draft-riikonen-silc-pp-06.nroff

diff --git a/doc/draft-riikonen-silc-pp-06.nroff b/doc/draft-riikonen-silc-pp-06.nroff
index 4acfccd97f3de3cd2fccecc72760379424b352dc..6c511ffad81f82110f511e0f57de75a65500682d 100644 (file)
--- a/doc/draft-riikonen-silc-pp-06.nroff
+++ b/doc/draft-riikonen-silc-pp-06.nroff
@@ -2714,11 +2714,12 @@ Hence, packet's MAC generation is as follows:
 The MAC key is negotiated during the SKE protocol.  The sequence number
 is a 32 bit MSB first value starting from zero for first packet and
 increasing for subsequent packets, finally wrapping after 2^32 packets.
-The value is never reset, not even after rekey has been performed.  Note
-that the sequence number is incremented only when MAC is computed for a
-packet.  If packet is not encrypted and MAC is not computed then the
-sequence number is not incremented.  Hence, the sequence number is zero
-for first encrypted packet.
+The value is never reset, not even after rekey has been performed.
+However, rekey MUST be performed before the sequence number wraps
+and repeats from zero.  Note that the sequence number is incremented only
+when MAC is computed for a packet.  If packet is not encrypted and MAC is
+not computed then the sequence number is not incremented.  Hence, the
+sequence number is zero for first encrypted packet.
 
 See [SILC1] for defined and allowed MAC algorithms.
 
@@ -2755,7 +2756,8 @@ well, except that the `packet length' is now the SILC Packet Header
 length. 
 
 The padding MUST be random data, preferably, generated by 
-cryptographically strong random number generator.
+cryptographically strong random number generator for each packet
+separately.
 
 
 .ti 0