.TP
.B "\-ephemeral"
The association with the peer is not intended to persist indefinitely.
-If a peer marked as ephemeral is killed, or the
+When a peer is killed, or the
.BR tripe (8)
-daemon is shut down, send a
+daemon is shut down, a
.B bye
-packet to the peer so that it forgets about us; if a peer marked as
-ephemeral sends us a
+packet is to the peer(s). If a peer marked as ephemeral sends us a
.B bye
packet then it is killed (but in this case no further
.B bye
-packet is sent). Peers not marked as ephemeral exhibit neither of these
-behaviours; each peer must have the other marked as ephemeral for the
-association to be fully torn down if either end kills the other.
+packet is sent). A
+.B bye
+packet from a peer which isn't marked as ephemeral leaves the peer alone
+in the hope that the connection can be reestablished.
.TP
.BI "\-keepalive " time
Send a no-op packet if we've not sent a packet to the peer in the last
.B KNOCK
notification stating the peer's (claimed) name and address. The server
will already have verified that the sender is using the peer's private
-key by this point. This option implies
+key by this point. Prior to version 1.6.0, this option used to imply
.BR \-ephemeral .
.TP
.B "\-mobile"
and if one succeeds, the server will update its idea of the peer's
address and emit an
.B NEWADDR
-notification. This option implies
+notification. Prior to version 1.6.0, this option used to imply
.BR \-ephemeral .
.TP
.BI "\-priv " tag
of arguments was wrong.
.SP
.BI "bad-time-spec " token
-The
+(For commands accepting a
+.I time
+argument.) The
.I token
is not a valid time interval specification. Acceptable time
specifications are nonnegative integers followed optionally by
.BR DAEMON .)
An error occurred during the attempt to become a daemon, as reported by
.IR message .
+See
+.B WARNINGS
+below for the meanings of
+.I ecode
+and
+.IR message .
.SP
.BI "disabled-address-family " afam
(For
.IR peer .
.SP
.B "ping-send-failed"
+(For
+.BR EPING .)
The attempt to send a ping packet failed, probably due to lack of
encryption keys.
.SP
.SP
.B "CHAL impossible-challenge"
The server hasn't issued any challenges yet. Quite how anyone else
-thought he could make one up is hard to imagine.
+thought they could make one up is hard to imagine.
.SP
.B "CHAL incorrect-tag"
Challenge received contained the wrong authentication data. It might be
.BI "KEYMGMT " which "-keyring " file " key " tag " unknown-serialization-format " ser
The key specifies the use of an unknown serialization format
.I ser
-for hashing group elements. Maybe the key was generated wrongly, or
-maybe the version of Catacomb installed is too old.
+for hashing group elements. Maybe the key was generated wrongly.
.SP
.BI "KEYMGMT " which "-keyring " file " key " tag " unsuitable-aead-cipher " cipher "no-aad"
The key specifies the use of an authenticated encryption scheme
.B naclbox
bulk transform rather than
.B aead
-for these
-(or switch to the IETF
+for these, or switch to one of the IETF
.IB cipher -poly1305
-schemes instead).
+schemes instead.
.SP
.BI "KEYMGMT " which "-keyring " file " key " tag " unsuitable-aead-cipher " cipher "nonce-too-small"
The key specifies the use of an authenticated encryption scheme
~mdw / tripe / blobdiff