Import release 0.1.13

[secnet.git] / NOTES

diff --git a/NOTES b/NOTES
index ae65e4cecf58759b67b66278bda916a58decc5f6..dd78b121e97758dfe10fdc7e552c5e77f77dd30f 100644 (file)
--- a/NOTES
+++ b/NOTES
@@ -113,6 +113,22 @@ networks a b c ...
 pubkey x y z: x=keylen, y=encryption key, z=modulus
 mobile: declare this to be a 'mobile' site
 
+** Logging etc.
+
+There are several possible ways of running secnet:
+
+'reporting' only: --version, --help, etc. command line options and the
+--just-check-config mode.
+
+'normal' run: perform setup in the foreground, and then background.
+
+'failed' run: setup in the foreground, and terminate with an error
+before going to background.
+
+'reporting' modes should never output anything except to stdout/stderr.
+'normal' and 'failed' runs output to stdout/stderr before
+backgrounding, then thereafter output only to log destinations.
+
 ** Protocols
 
 *** Protocol environment:
@@ -166,6 +182,11 @@ i? is appropriate index for receiver
 Note that 'i' may be re-used from one session to the next, whereas 'n'
 is always fresh.
 
+The protocol version selection stuff is not yet implemented: I'm not
+yet convinced it's a good idea.  Instead, the initiator could try
+using its preferred protocol (which starts with a different magic
+number) and fall back if there's no reply.
+
 Messages:
 
 1) A->B: *,iA,msg1,A,B,protorange-A,nA
@@ -215,9 +236,7 @@ retransmit or confirm reception. It is suggested that this message be
 sent when a key times out, or the tunnel is forcibly terminated for
 some reason.
 
-XXX not yet implemented.
-
-8) i?,i?,NAK/msg8
+8) i?,i?,NAK (encoded as zero)
 
 If the link-layer can't work out what to do with a packet (session has
 gone away, etc.) it can transmit a NAK back to the sender.  The sender