.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
-.TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
+.TH tripe 8tripe "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
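Review bot: changing the second argument of .TH from 8 to 8tripe alters the section name shown in the page header and footer and, if the installed filename follows it, where man(1) looks the page up, so any other page that cross-references tripe(8) needs the matching change in the same patch. The date field is also still "10 February 2001" although this patch adds new options and attributes; it should be bumped.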
.IR group ]
.RB [ \-a
.IR socket ]
+.RB [ \-m
+.IR mode ]
.RB [ \-T
.IR trace-opts ]
.br
administration socket.
.TP
.BI "\-G, \-\-setgid=" group
-Set gid to that of
+If the current effective uid is zero (i.e., the daemon was invoked as
+.BR root )
+then set gid to that of
.I group
-(either a group name or integer gid) after initialization.
+(either a group name or integer gid) after initialization. In any
+event, arrange hat the administration socket be owned by the given
+.IR group .
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
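Review bot: typo in the added text: "arrange hat the administration socket" should read "arrange that the administration socket". The "In any event" sentence also promises that the socket will be owned by the given group even when the daemon is not started as root, but an unprivileged process can only change a file's group to one it is itself a member of, so the text should say that in the non-root case the daemon's user must belong to that group, or state what happens when the ownership change fails.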
.B "\*(/s/tripesock"
is used instead.
.TP
+.BI "\-m, \-\-admin\-perms=" mode
+Permissions (as an octal number) to set on the administration socket. The
+default is 600, which allows only the socket owner. Setting 660 allows
+members of the
+.I group
+configured through the
+.B \-G
+option to connect to the socket, which may be useful. Allowing world access
+is a terrible idea.
+.TP
.BI "\-T, \-\-trace=" trace-opts
Allows the enabling or disabling of various internal diagnostics. See
below for the list of options.
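Review bot: the sentence "The default is 600, which allows only the socket owner." is missing its object; suggest "which allows only the socket owner to connect". This entry should also carry two caveats that a reader relying on it needs: the mode on the socket inode is not honoured on every platform (some BSD-derived systems ignore permissions on UNIX-domain sockets), so access to \*(/s/tripesock should additionally be limited by the permissions of the directory that contains it rather than by the socket mode alone; and the text should say whether the given mode is applied as-is or is further masked by the process umask.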
mode, designed by Bellare, Canetti and Krawczyk). These can all be
overridden by setting attributes on your private key, as follows.
.TP
+.B bulk
+Names the bulk-crypto transform to use. See below.
+.TP
+.B blkc
+Names a block cipher, used by some bulk-crypto transforms (e.g.,
+.BR iiv ). The default is to use the block cipher underlying the chosen
+.BR cipher ,
+if any.
+.TP
.B cipher
Names the symmetric encryption scheme to use. The default is
.BR blowfish\-cbc .
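Review bot: the new bulk entry says only "See below" and never names the default transform, unlike the cipher entry immediately after it, which states blowfish-cbc; the default should be given here because it decides what an unconfigured peer will speak. The blkc entry says the default is the block cipher underlying the chosen cipher "if any", but does not say what happens when a transform that requires a block cipher (the text names iiv) is selected and the chosen cipher has no underlying block cipher; say whether that is rejected when the key is loaded.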
A `mask-generation function', used in the key-exchange. The default is
.IB hash \-mgf
and there's no good reason to change it.
+.PP
+The available bulk-crypto transforms are as follows.
+.TP
+.B v0
+Originally this was the only transform available. It's a standard
+generic composition of a CPA-secure symmetric encryption scheme with a
+MAC; initialization vectors for symmetric encryption are chosen at
+random and included explicitly in the cryptogram.
+.TP
+.B iiv
+A newer `implicit-IV' transform. Rather than having an explicit random
+IV, the IV is computed from the sequence number using a block cipher.
+This has two advantages over the
+.B v0
+transform. Firstly, it adds less overhead to encrypted messages
+(because the IV no longer needs to be sent explicitly). Secondly, and
+more significantly, the transform is entirely deterministic, so (a) it
+doesn't need the (possibly slow) random number generator, and (b) it
+closes a kleptographic channel, over which a compromised implementation
+could leak secret information to a third party.
.SS "Using SLIP interfaces"
Though not for the faint of heart, it is possible to get
.B tripe
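Review bot: the iiv description should state the precondition it depends on: since the IV is derived from the sequence number, a sequence number must never repeat under the same key, so the text should say that sequence numbers are unique per key and what happens when they wrap. The claim that the transform "closes a kleptographic channel" should be narrowed to the channel provided by the random explicit IV of v0, which is the only covert channel this change removes. Finally, nothing in this list says whether both peers must be configured with the same bulk transform or whether it is negotiated during key exchange; that belongs alongside these entries.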