author: djm <djm@openbsd.org> 2018-02-19 00:55:02 +0000
committer: djm <djm@openbsd.org> 2018-02-19 00:55:02 +0000
commit: 611855475be98c61c04dd4658d49e8448e217a4c
tree: 556d4408a65f10a0947930a6a43d8bf00064be75
parent: support configuration of fragmentation of the tunnel traffic
emphasise that the hostkey rotation may send key types that the client
may not support, and that the client should simply disregard such keys (this is what ssh does already).
-rw-r--r-- usr.bin/ssh/PROTOCOL 14
1 files changed, 9 insertions, 5 deletions
diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL
index 285d0503417..f27e0dfffbd 100644
--- a/usr.bin/ssh/PROTOCOL
+++ b/usr.bin/ssh/PROTOCOL
@@ -295,10 +295,14 @@ has completed.
string[] hostkeys
Upon receiving this message, a client should check which of the
-supplied host keys are present in known_hosts. For keys that are
-not present, it should send a "hostkeys-prove@openssh.com" message
-to request the server prove ownership of the private half of the
-key.
+supplied host keys are present in known_hosts.
+
+Note that the server may send key types that the client does not
+support. The client should disgregard such keys if they are received.
+
+If the client identifies any keys that are not present for the host,
+it should send a "hostkeys-prove@openssh.com" message to request the
+server prove ownership of the private half of the key.
byte SSH_MSG_GLOBAL_REQUEST
string "hostkeys-prove-00@openssh.com"
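Review bot: The last added paragraph names the request "hostkeys-prove@openssh.com", while the message definition immediately below it uses "hostkeys-prove-00@openssh.com"; the prose should carry the same string as the wire format so an implementer matches on the right request name. In the paragraph above it, "disgregard" should read "disregard". It would also help to state the order explicitly: unsupported key types are dropped first, and only the remaining keys are compared against known_hosts and included in the prove request, so a client never asks the server to prove a key it cannot verify.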
@@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message.
This extension is advertised in the SSH_FXP_VERSION hello with version
"1".
-$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
+$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $