|
|
@@ -31,15 +31,15 @@ to anyone.
|
|
|
identity (permanent public key) with which the session has been established.
|
|
|
|
|
|
3. It must not be possible to reveal the content of any packet with an fc00::/8 destination address
|
|
|
-which enters cjdns through the TUN device, except revealing it to the holder(s) of the Matching
|
|
|
+which enters cjdns through the TUN device, except to the holder(s) of the Matching
|
|
|
Keypair for that address.
|
|
|
|
|
|
4. It must not be possible to receive any packet with an fc00::/8 source address unless the sender
|
|
|
is in possession of the Matching Keypair for that address and the content (not including fields in
|
|
|
the IPv6 header other than source and destination addresses) has not been altered en-route.
|
|
|
|
|
|
-5. It must not be possible to receive a packet which is part of an ESTABLISHED session of that
|
|
|
-packet was already received before.
|
|
|
+5. It must not be possible to receive a packet which is part of an ESTABLISHED session if that
|
|
|
+packet has already been received.
|
|
|
|
|
|
6. If the permanent private key is compromised, any traffic which was sent during a previous
|
|
|
ESTABLISHED session which has since ended will not be compromised as a result.
|
Caleb James DeLisle