diff --git a/xep-0116.xml b/xep-0116.xml index d2c08f82..ab889393 100644 --- a/xep-0116.xml +++ b/xep-0116.xml @@ -675,6 +675,7 @@

Bob MUST identify the shared retained secret (SRS) by selecting from his client's list of the secrets it retained from sessions with Alice's clients (the most recent secret for each of the clients she has used to negotiate ESessions with Bob's client).

Bob does this by calculating the HMAC (using HASH and the key &NsubA;) of each secret in the list in turn and comparing it with each of the values in the 'rshashes' field he received from Alice (see Sending Alice's Identity). Once he finds a match, and has confirmed that the secret has not expired (because it is older than an implementation-defined period of time), then he has found the SRS.

+

Note: If Bob has retained no secrets from sessions with Alice's clients and if the value of the 'pubkey' field he sent to Alice in his Response Form was 'none' (i.e., if he has never communicated with the JID she is using), then he SHOULD search through all the retained secrets for all the other JIDs his client has communicated with to try to find a match with one of the values in the 'rshashes' field he received from Alice (since she may simply be using a different JID in order to protect her identity).

Bob MUST calculate the final session key by appending to K (the Diffie-Hellman shared secret) the SRS (only if one was found) and then the Other Shared Secret (only if one exists) and then setting K to be the HASH result of the concatenated string of bytes:

K = HASH(K | SRS | OSS)

Bob MUST now use the new value of K to generate the new session keys (&KCsubA;, &KMsubA;, &KCsubB;, &KMsubB; and &KSsubB;) in exactly the same way as he does for 3-message negotiations (see Generating Session Keys). These keys will be used to exchange encrypted stanzas. Note: Bob will still need the value of K in the next section.