.so ../common/defs.man \" @@@PRE@@@
.
.\"--------------------------------------------------------------------------
-.TH tripe 8 "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
+.TH tripe 8tripe "10 February 2001" "Straylight/Edgeware" "TrIPE: Trivial IP Encryption"
.
.\"--------------------------------------------------------------------------
.SH "NAME"
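Review bot: the `.TH` section string changes from `8` to the non-standard `8tripe`, which is fine only if everything else agrees with it: the install rule must put the page where `man` will look for that section, and the other tripe pages (and any `.BR tripe (8)` cross references in them) should switch to the same string in the same change, otherwise `man tripe` and the cross references will disagree about where the page lives. Also, the `.TH` date is left at "10 February 2001" although this patch adds new option and key-attribute documentation below; bump it.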
administration socket.
.TP
.BI "\-G, \-\-setgid=" group
-Set gid to that of
+If the current effective uid is zero (i.e., the daemon was invoked as
+.BR root )
+then set gid to that of
.I group
-(either a group name or integer gid) after initialization.
+(either a group name or integer gid) after initialization. In any
+event, arrange hat the administration socket be owned by the given
+.IR group .
.TP
.BI "\-k, \-\-priv\-keyring=" file
Reads the private key from
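Review bot: typo in the added text, "arrange hat the administration socket" should read "arrange that the administration socket". While here, the new wording promises that the socket will be owned by the given group "in any event", including when the daemon is not running as root; an unprivileged process can only change a file's group to one it is itself a member of, so the page should say what happens when that chgrp fails (error at startup, or the socket is left with the default group).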
mode, designed by Bellare, Canetti and Krawczyk). These can all be
overridden by setting attributes on your private key, as follows.
.TP
+.B bulk
+Names the bulk-crypto transform to use. See below.
+.TP
+.B blkc
+Names a block cipher, used by some bulk-crypto transforms (e.g.,
+.BR iiv ). The default is to use the block cipher underlying the chosen
+.BR cipher ,
+if any.
+.TP
.B cipher
Names the symmetric encryption scheme to use. The default is
.BR blowfish\-cbc .
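Review bot: troff formatting bug in the `blkc` entry: the line `.BR iiv ). The default is to use the block cipher underlying the chosen` puts running prose on a `.BR` request line, so "The default is to ..." is taken as further alternating bold/roman arguments of `.BR` rather than as text. Split it as

  .BR iiv ).
  The default is to use the block cipher underlying the chosen

Two documentation gaps as well: the `bulk` entry gives no default, although the neighbouring attributes (`cipher`, `hash`, `mgf`) all state theirs; and `blkc` says the default is the cipher's underlying block cipher "if any", without saying what happens when the chosen `cipher` has no underlying block cipher and a transform that needs one (`iiv`) is selected. State the `bulk` default and whether the missing-`blkc` case is an error.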
A `mask-generation function', used in the key-exchange. The default is
.IB hash \-mgf
and there's no good reason to change it.
+.PP
+The available bulk-crypto transforms are as follows.
+.TP
+.B v0
+Originally this was the only transform available. It's a standard
+generic composition of a CPA-secure symmetric encryption scheme with a
+MAC; initialization vectors for symmetric encryption are chosen at
+random and included explicitly in the cryptogram.
+.TP
+.B iiv
+A newer `implicit-IV' transform. Rather than having an explicit random
+IV, the IV is computed from the sequence number using a block cipher.
+This has two advantages over the
+.B v0
+transform. Firstly, it adds less overhead to encrypted messages
+(because the IV no longer needs to be sent explicitly). Secondly, and
+more significantly, the transform is entirely deterministic, so (a) it
+doesn't need the (possibly slow) random number generator, and (b) it
+closes a kleptographic channel, over which a compromised implementation
+could leak secret information to a third party.
.SS "Using SLIP interfaces"
Though not for the faint of heart, it is possible to get
.B tripe
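Review bot: the `iiv` description should state the requirement that makes the deterministic IV safe: since the IV is computed from the sequence number, a sequence number must never be reused under the same key (after a rekey, counter wrap, or restart), because a repeated IV under the same key reveals equal plaintext prefixes. The page presents only the advantages of removing the random IV; one sentence on this precondition belongs next to them. Separately, the `v0` entry calls the scheme "a standard generic composition of a CPA-secure symmetric encryption scheme with a MAC" but does not say which composition; the security of the generic constructions depends on whether the MAC covers the ciphertext (encrypt-then-MAC) or the plaintext, so name the order used.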