X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=README;h=c27375ab7bf563702272c62870e4d51222518331;hb=1b8af2f7f86131a5364f2270865895ea597c591e;hp=da1ea0ba640ef9fc6e0820339b6b7921676ad628;hpb=781634ba3f3370c006931f55292122d56b230324;p=secnet.git

diff --git a/README b/README
index da1ea0b..c27375a 100644
--- a/README
+++ b/README
@@ -18,7 +18,7 @@ secnet is
   Copyright 1995-2003 Peter Benie
   Copyright 2011      Richard Kettlewell
   Copyright 2012      Matthew Vernon
-  Copyright 2013-2017 Mark Wooding
+  Copyright 2013-2019 Mark Wooding
   Copyright 1995-2013 Simon Tatham
 
 secnet is distributed under the terms of the GNU General Public
@@ -315,7 +315,8 @@ Defines:
   syslog (closure => log closure)
 
 logfile: dict argument
-  filename (string): where to log to
+  filename (string): where to log to; default is stderr
+  prefix (string): added to messages [""]
   class (string list): what type of messages to log
     { "debug-config", M_DEBUG_CONFIG },
     { "debug-phase", M_DEBUG_PHASE },
@@ -395,8 +396,9 @@ site: dict argument
     packet [5; mobile: 30]
   setup-timeout (integer): time between retransmissions of key negotiation
     packets, in ms [2000; mobile: 1000]
-  wait-time (integer): after failed key setup, wait this long (in ms) before
-    allowing another attempt [20000; mobile: 10000]
+  wait-time (integer): after failed key setup, wait roughly this long
+    (in ms) before allowing another attempt [20000; mobile: 10000]
+    Actual wait time is randomly chosen between ~0.5x and ~1.5x this.
   renegotiate-time (integer): if we see traffic on the link after this time
     then renegotiate another session key immediately (in ms)
     [half key-lifetime, or key-lifetime minus 5 mins (mobile: 12 hours),
@@ -544,6 +546,22 @@ tun: dict argument
 I recommend you don't specify the 'interface' option unless you're
 doing something that requires the interface name to be constant.
 
+** privcache
+
+Cache of dynamically loaded private keys.
+
+Defines:
+  priv-cache (closure => privcache closure)
+
+priv-cache: dict argument
+  privkeys (string): path prefix for private keys.  Each key is
+    looked for at this path prefix followed by the 10-character 
+    hex key id.
+  privcache-size (integer): optional, maximum number of private
+    keys to retain at once. [5]
+  privkey-max (integer): optional, maximum size of private key
+    file in bytes. [4095]
+
 ** rsa
 
 Defines: