-Bumped version to 0.2pre to reflect protocol break w/0.1pre

-Added design principle note (no downgrade attack-enabling protocol features)

hkexnet/hkexnet.go

@@ -16,6 +16,12 @@ package hkexnet
 // prefix the channel setup with this param over the wire in order to decide
 // which is in use.
 //
+// DESIGN PRINCIPLE: There shall be no protocol features which enable
+// downgrade attacks. The server shall have final authority to accept or
+// reject any and all proposed KEx and connection parameters proposed by
+// clients at setup. Action on denial shall be a simple server disconnect
+// with possibly a status code sent so client can determine why connection
+// was denied (compare to how failed auth is communicated to client).
 
 // Implementation of HKEx-wrapped versions of the golang standard
 // net package interfaces, allowing clients and servers to simply replace

hkexsh/hkexsh.go

@@ -318,7 +318,7 @@ func rejectUserMsg() string {
 // connection (app-specific, passed through to the server to use or
 // ignore at its discretion).
 func main() {
-	version := "0.1pre (NO WARRANTY)"
+	version := "0.2pre (NO WARRANTY)"
 	var vopt bool
 	var dbg bool
 	var shellMode bool // if true act as shell, else file copier

hkexshd/hkexshd.go

@@ -317,7 +317,7 @@ func runShellAs(who, ttype string, cmd string, interactive bool, conn hkexnet.Co
 // Listener and Conns. The KEx and encrypt/decrypt is done within the type.
 // Compare to 'serverp.go' in this directory to see the equivalence.
 func main() {
-	version := "0.1pre (NO WARRANTY)"
+	version := "0.2pre (NO WARRANTY)"
 	var vopt bool
 	var chaffEnabled bool
 	var chaffFreqMin uint