X-Git-Url: http://git.silcnet.org/gitweb/?a=blobdiff_plain;f=doc%2Fdraft-riikonen-silc-spec-02.nroff;h=d945f2aa1270eba1e1183c5f72d930aea5da5910;hb=73583bd1ba302719fa687b8fa6b7619205ac4f33;hp=734a32c30fc9fec94068e162df608a4fd86a8e33;hpb=5159d7204e05ab1fbefdc5fd351ec4da021ce577;p=silc.git

diff --git a/doc/draft-riikonen-silc-spec-02.nroff b/doc/draft-riikonen-silc-spec-02.nroff
index 734a32c3..d945f2aa 100644
--- a/doc/draft-riikonen-silc-spec-02.nroff
+++ b/doc/draft-riikonen-silc-spec-02.nroff
@@ -1787,6 +1787,13 @@ and the protocol results to new key material.  See [SILC3] for more
 information.  After the SILC_PACKET_REKEY packet is sent the sender
 will perform the SKE protocol.
 
+If PFS flag was set the resulted key material is processed as described
+in the section Processing the Key Material in [SILC3].  The difference
+with re-key in the processing is that the initial data for the hash 
+function is just the resulted key material and not the HASH as it
+is not computed at all with re-key.  Other than that, the key processing
+it equivalent to normal SKE negotiation.
+
 If PFS flag was not set, which is the default case, then re-key is done
 without executing SKE protocol.  In this case, the new key is created by
 providing the current sending encryption key to the SKE protocol's key