X-Git-Url: https://git.distorted.org.uk/u/mdw/putty/blobdiff_plain/bf98289914f47f394aa0cc442c267e56490c9e70..cf0a2e9fee718adf60a0f191e607debbcf09450f:/doc/config.but

diff --git a/doc/config.but b/doc/config.but
index 18c9d9fb..0b5dcbb9 100644
--- a/doc/config.but
+++ b/doc/config.but
@@ -882,7 +882,7 @@ commands from the server. If you find PuTTY is doing this
 unexpectedly or inconveniently, you can tell PuTTY not to respond to
 those server commands.
 
-\S{config-features-qtitle} Disabling remote \i{window title} querying
+\S{config-features-qtitle} Response to remote \i{window title} querying
 
 \cfg{winhelp-topic}{features.qtitle}
 
@@ -899,8 +899,28 @@ service to have the new window title sent back to the server as if
 typed at the keyboard. This allows an attacker to fake keypresses
 and potentially cause your server-side applications to do things you
 didn't want. Therefore this feature is disabled by default, and we
-recommend you do not turn it on unless you \e{really} know what you
-are doing.
+recommend you do not set it to \q{Window title} unless you \e{really}
+know what you are doing.
+
+There are three settings for this option:
+
+\dt \q{None}
+
+\dd PuTTY makes no response whatsoever to the relevant escape
+sequence. This may upset server-side software that is expecting some
+sort of response.
+
+\dt \q{Empty string}
+
+\dd PuTTY makes a well-formed response, but leaves it blank. Thus,
+server-side software that expects a response is kept happy, but an
+attacker cannot influence the response string. This is probably the
+setting you want if you have no better ideas.
+
+\dt \q{Window title}
+
+\dd PuTTY responds with the actual window title. This is dangerous for
+the reasons described above.
 
 \S{config-features-dbackspace} Disabling \i{destructive backspace}
 
@@ -2200,7 +2220,7 @@ separate configuration of the preference orders. As a result you may
 get two warnings similar to the one above, possibly with different
 encryptions.
 
-Single-DES is not recommended in the SSH-2 draft protocol
+Single-DES is not recommended in the SSH-2 protocol
 standards, but one or two server implementations do support it.
 PuTTY can use single-DES to interoperate with
 these servers if you enable the \q{Enable legacy use of single-DES in
@@ -2281,7 +2301,7 @@ These options control how often PuTTY will initiate a repeat key
 exchange (\q{rekey}). You can also force a key exchange at any time
 from the Special Commands menu (see \k{using-specials}).
 
-\# FIXME: do we have any additions to the SSH-2 drafts' advice on
+\# FIXME: do we have any additions to the SSH-2 specs' advice on
 these values? Do we want to enforce any limits?
 
 \b \q{Max minutes before rekey} specifies the amount of time that is
@@ -2886,7 +2906,7 @@ This is an SSH-2-specific bug.
 
 Versions below 3.3 of \i{OpenSSH} require SSH-2 RSA signatures to be
 padded with zero bytes to the same length as the RSA key modulus.
-The SSH-2 draft specification says that an unpadded signature MUST be
+The SSH-2 specification says that an unpadded signature MUST be
 accepted, so this is a bug. A typical symptom of this problem is
 that PuTTY mysteriously fails RSA authentication once in every few
 hundred attempts, and falls back to passwords.