applicable. They may also appear in MSG1, but this is not
guaranteed. MSG4 must advertise the same set as MSG2.
-No capability flags are currently defined. Unknown capability flags
-should be treated as late ones.
+Currently, the low 16 bits are allocated for negotiating bulk-crypto
+transforms. Bits 8 to 15 are used by Secnet as default capability
+numbers for the various kinds of transform closures: bit 8 is for the
+original CBCMAC-based transform, and bit 9 for the new EAX transform;
+bits 10 to 15 are reserved for future expansion. The the low eight bits
+are reserved for local use, e.g., to allow migration from one set of
+parameters for a particular transform to a different, incompatible set
+of parameters for the same transform. Bit 31, if advertised by both
+ends, indicates that a mobile end gets priority in case of crossed MSG1.
+The remaining bits have not yet been assigned a purpose.
+
+Whether a capability number is early depends on its meaning, rather than
+being a static property of its number. That said, the mobile-end-gets
+priority bit (31) is always sent as an `early' capability bit.
MTU handling
Messages:
-1) A->B: *,iA,msg1,A+,B+,nA
+1) A->B: i*,iA,msg1,A+,B+,nA
i* must be encoded as 0. (However, it is permitted for a site to use
zero as its "index" for another site.)