.RB [ \-D ]
.RB [ \-d
.IR dir ]
+.RB [ \-b
+.IR addr ]
.RB [ \-p
.IR port ]
+.br
+
.RB [ \-U
.IR user ]
.RB [ \-G
.IR group ]
+.RB [ \-a
+.IR socket ]
+.RB [ \-T
+.IR trace-opts ]
.br
.RB [ \-k
.IR pub-keyring ]
.RB [ \-t
.IR key-tag ]
-.br
-
-.RB [ \-a
-.IR socket ]
-.RB [ \-T
-.IR trace-opts ]
.SH "DESCRIPTION"
The
.B tripe
.B .
if you don't want it to change directory at all.
.TP
+.BI "\-b, \-\-bind-address="addr
+Bind the UDP socket to IP address
+.I addr
+rather than the default of
+.BR INADDR_ANY .
+This is useful if your main globally-routable IP address is one you want
+to tunnel through the VPN.
+.TP
.BI "\-p, \-\-port=" port
Use the specified UDP port for all communications with peers, rather
than an arbitarary kernel-assigned port.
.hP 7.
Congratulations. The two servers will exchange keys and begin sending
packets almost immediately. You've set up a virtual private network.
+.SS "Using elliptic curve keys"
+The
+.B tripe
+server can use elliptic curve Diffie-Hellman for key exchange, rather
+than traditional integer Diffie-Hellman. Given current public
+knowledge, elliptic curves can provide similar or better security to
+systems based on integer discrete log problems, faster, and with less
+transmitted data. It's a matter of controversy whether this will
+continue to be the case. The author uses elliptic curves.
+.PP
+The server works out which it
+should be doing based on the key type, which is either
+.B tripe\-dh
+for standard Diffie-Hellman, or
+.B tripe\-ec
+for elliptic curves. To create elliptic curve keys, say something like
+.VS
+key add \-aec\-param \-Cnist-p192 \-eforever \e
+ \-tparam tripe\-ec\-param
+.VE
+to construct a parameters key, using your preferred elliptic curve in
+the
+.B \-C
+option (see
+.BR key (1)
+for details); and create the private keys by
+.VS
+key add \-aec \-pparam \-talice \e
+ \-e"now + 1 year" tripe\-ec
+.VE
+Now start
+.B tripe
+with the
+.B \-ttripe\-ec
+option, and all should be well.
+.SS "Using other symmetric algorithms"
+The default symmetric algorithms
+.B tripe
+uses are Blowfish (by Schneier) for symmetric encryption, and RIPEMD-160
+(by Dobbertin, Bosselaers and Preneel) for hashing and as a MAC (in HMAC
+mode, designed by Bellare, Canetti and Krawczyk). These can all be
+overridden by setting attributes on your private key, as follows.
+.TP
+.B cipher
+Names the symmetric encryption scheme to use. The default is
+.BR blowfish\-cbc .
+.TP
+.B hash
+Names the hash function to use. The default is
+.BR rmd160 .
+.TP
+.B mac
+Names the message authentication code to use. The name of the MAC may
+be followed by a
+.RB ` / '
+and the desired tag length in bits. The default is
+.IB hash \-hmac
+at half the underlying hash function's output length.
+.TP
+.B mgf
+A `mask-generation function', used in the key-exchange. The default is
+.IB hash \-mgf
+and there's no good reason to change it.
.SS "About the name"
The program's name is
.BR tripe ,