From bc2dc091e0ac4ff6245c43a61ebe12c7e9ea0b7f Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Thu, 19 Dec 2019 03:50:01 +0000 Subject: [PATCH] upstream: "Forward security" -> "Forward secrecy" since that's the correct term. Add "MAC" since we use that acronym in other man pages. ok naddy@ OpenBSD-Commit-ID: c35529e511788586725fb63bda3459e10738c5f5 --- sshd.8 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sshd.8 b/sshd.8 index c052b8005..dc11a0d00 100644 --- a/sshd.8 +++ b/sshd.8 @@ -33,8 +33,8 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.309 2019/12/17 16:21:07 naddy Exp $ -.Dd $Mdocdate: December 17 2019 $ +.\" $OpenBSD: sshd.8,v 1.310 2019/12/19 03:50:01 dtucker Exp $ +.Dd $Mdocdate: December 19 2019 $ .Dt SSHD 8 .Os .Sh NAME @@ -253,13 +253,13 @@ Whenever a client connects, the daemon responds with its public host key. The client compares the host key against its own database to verify that it has not changed. -Forward security is provided through a Diffie-Hellman key agreement. +Forward secrecy is provided through a Diffie-Hellman key agreement. This key agreement results in a shared session key. The rest of the session is encrypted using a symmetric cipher. The client selects the encryption algorithm to use from those offered by the server. Additionally, session integrity is provided -through a cryptographic message authentication code. +through a cryptographic message authentication code (MAC). .Pp Finally, the server and the client enter an authentication dialog. The client tries to authenticate itself using