X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=doc%2Fdraft-riikonen-silc-ke-auth-02.nroff;h=56f3d0bdd2193017b1dde412b1ab5adc8bf43d22;hb=73583bd1ba302719fa687b8fa6b7619205ac4f33;hp=0a63644baaccef54a6b2a35b1d572b2d1622bb6c;hpb=5159d7204e05ab1fbefdc5fd351ec4da021ce577;p=silc.git diff --git a/doc/draft-riikonen-silc-ke-auth-02.nroff b/doc/draft-riikonen-silc-ke-auth-02.nroff index 0a63644b..56f3d0bd 100644 --- a/doc/draft-riikonen-silc-ke-auth-02.nroff +++ b/doc/draft-riikonen-silc-ke-auth-02.nroff @@ -402,6 +402,15 @@ two SILC clients. In normal case, where client is connecting to the server or server is connecting to the router the Mutual Authentication flag is not necessary. +When performing re-key with PFS selected this is the only payload that +is sent in the SKE protocol. The Key Exchange Start Payload is not sent +at all. However, this payload does not have all the fields present. +In re-key with PFS the public key and a possible signature data should +not be present. If they are present they must be ignored. The only +field that is present is the public data that is used to create the +new key material. In the re-key the Mutual Authentication flag must +also be ignored. + This payload is sent inside SILC_PACKET_KEY_EXCHANGE_1 and inside SILC_PACKET_KEY_EXCHANGE_2 packet types. The initiator uses the SILC_PACKET_KEY_EXCHANGE_1 and the responder the latter.
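Review bot: The added re-key paragraph contradicts itself on field presence: it says the public key and signature "should not be present", then that "The only field that is present is the public data", and then tells the receiver to ignore them "If they are present". Pick one rule for the sender (for example, that the sender must not include them) and keep the must-ignore rule for the receiver, so that both sides build and parse the same payload. The paragraph also does not say how an omitted field is encoded, whether it is dropped from the payload entirely or sent with zero length. A receiver needs that to locate the public data, so it should be stated here. Finally, since the signature is ignored in a PFS re-key, a sentence saying what protects the new public data in that case would help implementers. As written, the text only says what to discard.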