X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README;h=88dd48b6d20693c281dfd663a3d23cb7497d995e;hb=4a154ed59298f7beb13eb28bd380fe864e869c30;hp=da1ea0ba640ef9fc6e0820339b6b7921676ad628;hpb=781634ba3f3370c006931f55292122d56b230324;p=secnet.git diff --git a/README b/README index da1ea0b..88dd48b 100644 --- a/README +++ b/README @@ -18,7 +18,7 @@ secnet is Copyright 1995-2003 Peter Benie Copyright 2011 Richard Kettlewell Copyright 2012 Matthew Vernon - Copyright 2013-2017 Mark Wooding + Copyright 2013-2019 Mark Wooding Copyright 1995-2013 Simon Tatham secnet is distributed under the terms of the GNU General Public @@ -193,6 +193,17 @@ Usage: secnet [OPTION]... --help display this help and exit --version output version information and exit +* base91s + +secnet defines a variant of the base91 encoding `basE91', from + http://base91.sourceforge.net/ + +base91s is the same as baseE91 except that: + - in the encoded charset, `"' is replaced with `-' + - spaces, newlines etc. and other characters outside the charset + are not permitted (although in some places they may be ignored, + this is not guaranteed). + * secnet builtin modules ** resolver @@ -315,7 +326,8 @@ Defines: syslog (closure => log closure) logfile: dict argument - filename (string): where to log to + filename (string): where to log to; default is stderr + prefix (string): added to messages [""] class (string list): what type of messages to log { "debug-config", M_DEBUG_CONFIG }, { "debug-phase", M_DEBUG_PHASE }, 
@@ -395,8 +407,9 @@ site: dict argument packet [5; mobile: 30] setup-timeout (integer): time between retransmissions of key negotiation packets, in ms [2000; mobile: 1000] - wait-time (integer): after failed key setup, wait this long (in ms) before - allowing another attempt [20000; mobile: 10000] + wait-time (integer): after failed key setup, wait roughly this long + (in ms) before allowing another attempt [20000; mobile: 10000] + Actual wait time is randomly chosen between ~0.5x and ~1.5x this. renegotiate-time (integer): if we see traffic on the link after this time then renegotiate another session key immediately (in ms) [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours), @@ -544,12 +557,34 @@ tun: dict argument I recommend you don't specify the 'interface' option unless you're doing something that requires the interface name to be constant. +** privcache + +Cache of dynamically loaded private keys. + +Defines: + priv-cache (closure => privcache closure) + +priv-cache: dict argument + privkeys (string): path prefix for private keys. Each key is + looked for at this path prefix followed by the 10-character + hex key id. + privcache-size (integer): optional, maximum number of private + keys to retain at once. [5] + privkey-max (integer): optional, maximum size of private key + file in bytes. [4095] + ** rsa Defines: + sigscheme algorithm 00 "rsa1" rsa-private (closure => rsaprivkey closure) rsa-public (closure => rsapubkey closure) +rsa1 sigscheme algorithm: + private key: SSH private key file, version 1, no password + public key: SSH public key file, version 1 + (length, restrictions, email, etc., ignored) + rsa-private: string[,bool] arg1: filename of SSH private key file (version 1, no password) arg2: whether to check that the key is usable [default True]
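Review bot: In the `* base91s` hunk (@@ -193,6 +193,17), the second bullet says characters outside the charset "are not permitted" and then "in some places they may be ignored, this is not guaranteed", which leaves decoder behaviour unspecified. The same string can then be accepted in one place and rejected in another. I would state a single rule (any character outside the charset is an error) and, if some callers really do skip whitespace, name them. Also, `baseE91` in "the same as baseE91" does not match the `basE91' spelling two lines above it.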
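Review bot: In the logfile hunk (@@ -315,7 +326,8), the two changed lines give their defaults in different styles: prose ("default is stderr") for filename and brackets (`[""]`) for prefix. The site options in this README use the bracketed form, so `[stderr]` would be consistent. "added to messages" should also say where the prefix goes (presumably the start of each message) and whether a separator is inserted after it.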
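Review bot: In the site hunk (@@ -395,8 +407,9), the new sentence "Actual wait time is randomly chosen between ~0.5x and ~1.5x this." comes after the bracketed default, so `[20000; mobile: 10000]` no longer closes the wait-time entry the way the default closes setup-timeout just above. Moving the sentence ahead of the default keeps the layout uniform. The entry also hedges three times ("roughly", "~0.5x", "~1.5x"); if the bounds are exact, drop the tildes, otherwise say what the real lower bound is, since the minimum wait is the figure a reader needs.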
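Review bot: In the last hunk (@@ -544,12 +557,34), the new `** privcache` section does not document failure behaviour: nothing says what happens when no file exists for a key id, or when a file exceeds privkey-max (error, log message, silent skip?). `privkeys` is also the only option there without "optional" or a bracketed default, so mark it as required, and say whether "path prefix followed by the 10-character hex key id" inserts a separator or whether a directory prefix needs its own trailing slash. Since the rsa part of the same hunk states the private key files have "no password", a line on the expected ownership and mode of the files under that prefix belongs here too. In the rsa part, "sigscheme algorithm 00 "rsa1"" sits in the Defines list without the `(closure => ...)` form of its neighbours and the `00` is unexplained, and "(length, restrictions, email, etc., ignored)" should say whether ignoring the length means the real modulus size is used instead and whether any minimum is enforced.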