.SH "SYNOPSIS"
.
.B tripe
-.RB [ \-DF ]
+.RB [ \-46DF ]
.RB [ \-d
.IR dir ]
.RB [ \-b
per line, and exits with status 0. This is intended for the use of the
start-up script, so that it can check that it will actually work.
.TP
+.B "\-4, \-\-ipv4"
+Use only IPv4 addresses. The server will resolve names only to IPv4
+addresses, and not attempt to create IPv6 sockets.
+.TP
+.B "\-6, \-\-ipv6"
+Use only IPv6 addresses. The server will resolve names only to IPv6
+addresses, and not attempt to create IPv4 sockets. Note that v6-mapped
+IPv4 addresses won't work either.
+.TP
.B "\-D, \-\-daemon"
Dissociates from its terminal and starts running in the background after
completing the initialization procedure described above. If running as
Names the bulk-crypto transform to use. See below.
.TP
.B blkc
-Names a block cipher, used by some bulk-crypto transforms (e.g.,
+Names a blockcipher, used by some bulk-crypto transforms (e.g.,
.BR iiv ).
-The default is to use the block cipher underlying the chosen
+The default is to use the blockcipher underlying the chosen
.BR cipher ,
if any.
.TP
.TP
.B iiv
A newer `implicit-IV' transform. Rather than having an explicit random
-IV, the IV is computed from the sequence number using a block cipher.
+IV, the IV is computed from the sequence number using a blockcipher.
This has two advantages over the
.B v0
transform. Firstly, it adds less overhead to encrypted messages
closes a kleptographic channel, over which a compromised implementation
could leak secret information to a third party.
.TP
+.B aead
+A transform based on an all-in-one `authenticated encryption with
+additional data' scheme. The scheme is named in the
+.B cipher
+attribute; the default is
+.BR rijndael-ocb3 .
+If the
+.B mac
+attribute is given, it must be either
+.B aead
+or
+.BR aead/ \c
+.IR tagsz ,
+where
+.I tagsz
+is the desired tag length in bits; alternatively, the tag length can be
+set in the
+.B tagsz
+attribute. The chosen AEAD scheme must accept at least a 64-bit nonce
+(this rules out OCB3 and CCM with 64-bit blockciphers); it mustn't
+require an absurdly large nonce size (none of the schemes implemented in
+Catacomb present a problem here, but it bears mentioning); it must
+actually support additional header data (which rules out the
+.B naclbox
+schemes, but see the
+.B naclbox
+transform below); and it must produce an empty ciphertext when
+encrypting an empty message (again, all of Catacomb's schemes meet this
+requirement).
+.TP
.B naclbox
A transform based on the NaCl
.B crypto_secretbox