Merge branch 'remodulate-on-rekey' of https://gogs.blitter.com/RLabs/xs into remodulate-on-rekey

README.md

@@ -63,6 +63,16 @@ In all releases prior to v0.9.3, absent a specific whitelist of algs to allow, t
 As of release v0.9.3, the default when supplying no explicit KEX, cipher or HMAC algorithms to `xsd` results in *no* algs being accepted; so the admin must decide on a specific whitelist of algorithms.
 ***
 
+***
+**Experimental Session Crypto 'Remodulation' on Rekeying**
+
+Support has been added for an experimental 'remodulation' of the active session cipher and hash algorithms
+when a rekey is performed. This feature, only active if the `-R` option is specified by *both* server and
+client, will cause the two sides to negotiate a (potentially) new cipher and hash algorithm as part of the rekeying (normal rekeying *without* 'remodulation' is on by default, with the interval optionally specified independently by client and server via the `-r` (note lowercase) option).
+
+This experimental 'remodulation' is intended to inhibit a potential attacker's efforts to analyze session data, by reducing the usefulness of any distinguisher, presuming one exists, that may exist in one of the symmetric cipher algos used during a session. Note however, that if the initial KEM negotiation were broken and the attacker has recorded all following session traffic, they can still 'stay in sync' with the rekeys *and* algo remodulations, and be able to continue decrypting across session rekeys. (That is, this feature does not
+add any security if the initial KEM exchange were broken.)
+***
 
 ### Conn
 Calls to xsnet.Dial() and xsnet.Listen()/Accept() are generally the same as calls to the equivalents within the _net_ package; however upon connection a key exchange automatically occurs whereby client and server independently derive the same keying material, and all following traffic is secured by a symmetric encryption algorithm.