+.\" Man page for secnet.
+.\"
+.\" See the secnet.git README, or the Debian copyright file, for full
+.\" list of copyright holders.
+.\"
+.\" secnet is free software; you can redistribute it and/or modify it
+.\" under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3 of the License, or
+.\" (at your option) any later version.
+.\"
+.\" secnet is distributed in the hope that it will be useful, but
+.\" WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+.\" General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" version 3 along with secnet; if not, see
+.\" https://www.gnu.org/licenses/gpl.html.
.TH secnet 8
.SH NAME
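Review bot: The new header names no copyright holder in the file itself and instead points to "the secnet.git README, or the Debian copyright file"; an installed man page travels without either, so consider putting at least one copyright line in the header. Also, "for full list of copyright holders" is missing an article ("for the full list of").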
If \fBtrue\fR (the default) then check if \fIp\fR is prime.
.PP
A \fIdh closure\fR defines a group to be used for key exchange.
-The same group must be used by all sites in the VPN.
.SS logfile
\fBlogfile(\fIDICT\fB)\fR => \fIlog closure\fR
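Review bot: The sentence removed from the dh closure paragraph ("The same group must be used by all sites in the VPN.") is deleted with nothing in its place, so the page no longer says what agreement on the group is required. If the constraint has been relaxed, state the new rule here (for example, whether the group must still match between the two ends of a link) so that an administrator knows which sites have to be configured alike.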
Read the contents of the file \fIPATH\fR (a string) and return it as a string.
.SS eax-serpent
-\eax-fBserpent(\fIDICT\fB)\fR => \fItransform closure\fR
+\fBeax-serpent(\fIDICT\fB)\fR => \fItransform closure\fR
.PP
Valid keys in the \fIDICT\fR argument are:
.TP
serves to obscure the exact length of messages. The default is 16,
.TP
.B capab-num
-The transform capability number to use when advertising this
-transform. Both ends must have the same meaning (or, at least, a
-compatible transform) for each transform capability number they have
+The capability number to use when advertising this
+transform. Both ends must have the same meaning (or, at least,
+refer to compatible constructions) for each capability number they have
in common. The default for serpent-eax is 9.
.IP
-Transform capability numbers in the range 8..15 are intended for
+Capability numbers in the range 8..15 are intended for
allocation by the implementation, and may be assigned as the default
-for new transforms in the future. Transform capability numbers in the
+for new transforms in the future. Capability numbers in the
range 0..7 are reserved for definition by the user.
.PP
A \fItransform closure\fR is a reversible means of transforming
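Review bot: The rename from "transform capability number" to "capability number" in the capab-num entry is only half carried through. The added text speaks of "compatible constructions", but the unchanged wording still says the 8..15 range "may be assigned as the default for new transforms", and nothing says what other than a transform can now hold a capability number. State what shares this number space, so that a user picking a value in 0..7 knows what it must not collide with. Separately, the unchanged line "The default for serpent-eax is 9" uses a different name from the section heading "eax-serpent"; worth aligning while this paragraph is being edited.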
One or more \fItransform closures\fR.
Used to protect packets exchanged with the peer. These should
all have distinct \fBcapab-num\fR values, and the same \fBcapab-num\fR
-value should refer to the same (or a compatible) transform at both
+value should have the same (or a compatible) meaning at both
ends. The list should be in order of preference, most preferred
first. (The end which sends MSG1,MSG3 ends up choosing; the ordering
at the other end is irrelevant.)
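Review bot: The reworded sentence keeps "should" ("value should have the same (or a compatible) meaning at both ends"), while the capab-num description in this same patch says "Both ends must have the same meaning". The two passages state the same requirement, so use "must" in both places; likewise "should all have distinct capab-num values" in the unchanged line above reads as optional and would be clearer as "must".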