X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=NOTES;fp=NOTES;h=8f92f6911fa203ec97f38dbec352fabb77655895;hb=87af7c8c0f58eea212ec1207d0d343a509c5e7df;hp=ca8c04ac70f0092fd32cd41e1cc4477686279f66;hpb=8e4308946bcdb5e62380cff7373d558518745eec;p=secnet.git

diff --git a/NOTES b/NOTES
index ca8c04a..8f92f69 100644
--- a/NOTES
+++ b/NOTES
@@ -188,9 +188,10 @@ When deciding which public keys to accept, a relier should:
 
 In configuration and key management, long-term private and public keys
 are octet strings.  Private keys are generally stored in disk files,
-one key per file.  The octet string for a private key must identify
-the algorithm (although actually this is wrong and are going to change
-it later)..  The octet string for a public key need not identify the
+one key per file.  The octet string for a private key should identify
+the algorithm so that passing the private key to the code for the 
+wrong algorithm does not produce results which would leak or weaken
+the key.  The octet string for a public key need not identify the
 algorithm; when it's loaded the algorithm will be known from context.
 
 The group id 00000000 is special.  It should contain only one key,