From 133008a65708b40abb09a5837466debe9d075557 Mon Sep 17 00:00:00 2001 From: Pekka Riikonen Date: Sun, 4 Nov 2001 21:40:02 +0000 Subject: [PATCH] updates. --- CHANGES | 10 ++++++++++ doc/draft-riikonen-silc-ke-auth-04.nroff | 7 ++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index d350218d..810b8b1e 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,13 @@ +Sun Nov 4 23:37:28 EET 2001 Pekka Riikonen + + * Fixed a security problem found in SKE. The initiator's + public key too is now added to the HASH hash value creation + which is signed by the responder to create the SIGN value. + This will prevent anyone in the middle to lie to the responder + about the initiator's public key. If this is done now, the + man in the middle will get caught. Updated the protocol + specification. + Sun Nov 4 11:43:53 EET 2001 Pekka Riikonen * Better installation directory handling. Configure module diff --git a/doc/draft-riikonen-silc-ke-auth-04.nroff b/doc/draft-riikonen-silc-ke-auth-04.nroff index 585479bc..ff32d17b 100644 --- a/doc/draft-riikonen-silc-ke-auth-04.nroff +++ b/doc/draft-riikonen-silc-ke-auth-04.nroff @@ -525,8 +525,8 @@ Setup: p is a large and public safe prime. This is one of the 1. Initiator generates a random number x, where 1 < x < q, and computes e = g ^ x mod p. The result e is then - encoded into Key Exchange Payload and sent to the - responder. + encoded into Key Exchange Payload, with the public key + (or certificate) and sent to the responder. If the Mutual Authentication flag is set then initiator MUST also produce signature data SIGN_i which the responder 
@@ -539,7 +539,8 @@ Setup: p is a large and public safe prime. This is one of the and computes f = g ^ y mod p. It then computes the shared secret KEY = e ^ y mod p, and, a hash value HASH = hash(Key Exchange Start Payload data | public - key (or certificate) | e | f | KEY). It then signs + key (or certificate) | Initiator's public key (or + certificate) | e | f | KEY). It then signs the HASH value with its private key resulting a signature SIGN. -- 2.24.0
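
Review bot: In the CHANGES hunk, the new entry says a security problem was "Fixed" in SKE, but the diffstat lists only CHANGES and doc/draft-riikonen-silc-ke-auth-04.nroff, so no implementation change is part of this commit. The entry should say where the code fix lives or that it is still pending. It should also note that a responder signing the new HASH and an initiator verifying the old HASH will not agree, so both ends have to be updated together. A subject line more specific than "updates." would make a security fix easier to find in the history.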
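
Review bot: In the hunk at @@ -525, the added text "with the public key (or certificate) and sent to the responder" does not say whose key is meant and carries no requirement keyword, while the following sentence uses MUST for SIGN_i. Step 2 now feeds the initiator's public key into HASH, so sending it is no longer optional for the exchange to verify. Suggest wording along the lines of "The initiator MUST also include its public key (or certificate) in the Key Exchange Payload", which also removes the stray comma before "with".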
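
Review bot: In the hunk at @@ -539, the HASH input list now reads "public key (or certificate) | Initiator's public key (or certificate) | e | f | KEY", which leaves the first key unlabelled next to an explicitly labelled one. Name it "Responder's public key (or certificate)" so the order of the two keys in the concatenation is unambiguous to implementers. The patch changes only steps 1 and 2, so any later text that describes how the initiator recomputes HASH to verify SIGN needs the same field list, or the two sides will hash different data.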