updates.

[silc.git] / doc / draft-riikonen-silc-ke-auth-02.nroff

diff --git a/doc/draft-riikonen-silc-ke-auth-02.nroff b/doc/draft-riikonen-silc-ke-auth-02.nroff
index 0a63644baaccef54a6b2a35b1d572b2d1622bb6c..56f3d0bdd2193017b1dde412b1ab5adc8bf43d22 100644 (file)
--- a/doc/draft-riikonen-silc-ke-auth-02.nroff
+++ b/doc/draft-riikonen-silc-ke-auth-02.nroff
@@ -402,6 +402,15 @@ two SILC clients.  In normal case, where client is connecting to the
 server or server is connecting to the router the Mutual Authentication
 flag is not necessary.
 
+When performing re-key with PFS selected this is the only payload that
+is sent in the SKE protocol.  The Key Exchange Start Payload is not sent
+at all.  However, this payload does not have all the fields present.
+In re-key with PFS the public key and a possible signature data should
+not be present.  If they are present they must be ignored.  The only
+field that is present is the public data that is used to create the
+new key material.  In the re-key the Mutual Authentication flag must
+also be ignored.
+
 This payload is sent inside SILC_PACKET_KEY_EXCHANGE_1 and inside
 SILC_PACKET_KEY_EXCHANGE_2 packet types.  The initiator uses the 
 SILC_PACKET_KEY_EXCHANGE_1 and the responder the latter.