X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/blobdiff_plain/3ed1846a624d9428c48528d6464126b7459ad462..refs/heads/mdw/xdh:/NOTES

diff --git a/NOTES b/NOTES
index f5ebc65..313a0ff 100644
--- a/NOTES
+++ b/NOTES
@@ -218,8 +218,24 @@ Capability flag bits must be in one the following two categories:
    applicable.  They may also appear in MSG1, but this is not
    guaranteed.  MSG4 must advertise the same set as MSG2.
 
-No capability flags are currently defined.  Unknown capability flags
-should be treated as late ones.
+Capability bits 8 to 31 are used by Secnet as default capability numbers
+for various features: bit 8 is for the original CBCMAC-based transform,
+and bit 9 for the new EAX transform; bit 10 for traditional finite-field
+Diffie--Hellman; bits 11 to 14 and 16 to 30 are reserved for future
+expansion.  The the low eight bits are reserved for local use, e.g., to
+allow migration from one set of parameters for a particular transform to
+a different, incompatible set of parameters for the same transform. Bit
+31, if advertised by both ends, indicates that a mobile end gets
+priority in case of crossed MSG1.
+
+Bit 15 is special: it signifies (a) that the sender is reporting all of
+its transforms and DH groups explicitly, and (b) that it uses all 32
+capability bits to do so.  Older Secnets only checked the low 16 bits
+for known capabilities.
+
+Whether a capability number is early depends on its meaning, rather than
+being a static property of its number.  That said, the mobile-end-gets
+priority bit (31) is always sent as an `early' capability bit.
 
 
 MTU handling
@@ -263,7 +279,7 @@ negotiated or assumed).
 
 Messages:
 
-1) A->B: *,iA,msg1,A+,B+,nA
+1) A->B: i*,iA,msg1,A+,B+,nA
 
 i* must be encoded as 0.  (However, it is permitted for a site to use
 zero as its "index" for another site.)