update

1 files changed, 22 insertions, 1 deletions

diff --git a/doc/design/git-remote-daemon.mdwn b/doc/design/git-remote-daemon.mdwn
index b50b89015..329f426ea 100644
--- a/doc/design/git-remote-daemon.mdwn
+++ b/doc/design/git-remote-daemon.mdwn
@@ -47,16 +47,37 @@ either:
 
 It is configured entirely by .git/config.
 
+# encryption & authentication
+
+For simplicity, the network transports have to do their own end-to-end
+encryption. Encryption is not part of this design.
+
+(XMPP does not do end-to-end encryption, but might be supported
+transitionally.)
+
+Ditto for authentication that we're talking to who we indend to talk to.
+Any public key data etc used for authenticion is part of the remote's
+configuration (or hidden away in a secure chmodded file, if neccesary).
+This design does not concern itself with authenticating the remote node,
+it just takes the auth token and uses it.
+
+For example, in telehash, each node has its own keypair, which is used
+or authentication and encryption, and is all that's needed to route
+messages to that node.
+
 # stdio protocol
 
 This is an asynchronous protocol. Ie, either side can send any message
 at any time, and the other side does not send a reply.
 
-It is line based and intended to be low volume.
+It is line based and intended to be low volume and not used for large data.
 
 TODO: Expand with commands for sending/receiving git-annex objects, and
 progress during transfer.
 
+TODO: Will probably need to add something for whatever pairing is done by
+the webapp.
+
 ## emitted messages
 
 * `CHANGED $remote $ref ...`