Update 'README.md'

Added notes on experimental algo remodulation
This commit is contained in:
Russtopia 2023-11-30 21:09:56 -08:00
parent aac48496f0
commit e6a2b7f2cd
1 changed file with 9 additions and 0 deletions


@ -63,6 +63,15 @@ In all releases prior to v0.9.3, absent a specific whitelist of algs to allow, t
As of release v0.9.3, the default when supplying no explicit KEX, cipher or HMAC algorithms to `xsd` results in *no* algs being accepted; so the admin must decide on a specific whitelist of algorithms.
***
***
**Experimental Session Crypto 'Remodulation' on Rekeying**
Support has been added for an experimental 'remodulation' of the active session cipher and hash algorithms
when a rekey is performed. This feature, only active if the `-R` option is specified by *both* server and
client, will cause the two sides to negotiate a (potentially) new cipher and hash algorithm as part of the rekeying (normal rekeying *without* 'remodulation' is on by default, with the interval optionally specified independently by client and server via the `-r` (note lowercase) option).
This experimental 'remodulation' is intended to further confuse a potential attacker attempting to analyze session data; however if the initial session key negotiation, protected by the asymmetric KEM exchange, were broken AND the attacker has recorded all following session data, the attacker could in theory stay in sync with rekeys *and* algo remodulations in order to continue decrypting session data, so NOTE that this protection is still predicated on the security of the initial asymmetric KEM exchange.
***
### Conn
Calls to xsnet.Dial() and xsnet.Listen()/Accept() are generally the same as calls to the equivalents within the _net_ package; however upon connection a key exchange automatically occurs whereby client and server independently derive the same keying material, and all following traffic is secured by a symmetric encryption algorithm.
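Review bot: The "Experimental Session Crypto 'Remodulation'" paragraph should lead with the limitation rather than bury it: the second paragraph opens with "intended to further confuse a potential attacker" and only at the end of a long sentence says the protection is "still predicated on the security of the initial asymmetric KEM exchange", so a reader skimming the README takes the first clause as the guarantee. Suggest splitting it into two plain sentences along the lines of "Remodulation does not add cryptographic strength beyond the initial KEM exchange. If that exchange were broken and the attacker had recorded all later traffic, they could follow every rekey and remodulation and keep decrypting." Two smaller points on the same block: the `-R` description says the feature is active only when *both* server and client specify it, but does not say what happens when only one side does (a clause stating that rekeying then proceeds without remodulation, if that is the behaviour, would help), and it would be worth stating whether the "(potentially) new cipher and hash algorithm" chosen on rekey is restricted to the same explicit whitelist the preceding v0.9.3 paragraph requires the admin to configure, since that whitelist is what bounds the downgrade surface. Style: the two consecutive `***` lines at the top of the block render as a double horizontal rule; one is enough.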