emphasise that the hostkey rotation may send key types that the client

may not support, and that the client should simply disregard such keys
(this is what ssh does already).

diff --git a/usr.bin/ssh/PROTOCOL b/usr.bin/ssh/PROTOCOL
index 285d050..f27e0df 100644 (file)
--- a/usr.bin/ssh/PROTOCOL
+++ b/usr.bin/ssh/PROTOCOL
@@ -295,10 +295,14 @@ has completed.
        string[]        hostkeys
 
 Upon receiving this message, a client should check which of the
-supplied host keys are present in known_hosts. For keys that are
-not present, it should send a "hostkeys-prove@openssh.com" message
-to request the server prove ownership of the private half of the
-key.
+supplied host keys are present in known_hosts.
+
+Note that the server may send key types that the client does not
+support. The client should disgregard such keys if they are received.
+
+If the client identifies any keys that are not present for the host,
+it should send a "hostkeys-prove@openssh.com" message to request the
+server prove ownership of the private half of the key.
 
        byte            SSH_MSG_GLOBAL_REQUEST
        string          "hostkeys-prove-00@openssh.com"
@@ -454,4 +458,4 @@ respond with a SSH_FXP_STATUS message.
 This extension is advertised in the SSH_FXP_VERSION hello with version
 "1".
 
-$OpenBSD: PROTOCOL,v 1.31 2017/05/26 01:40:07 djm Exp $
+$OpenBSD: PROTOCOL,v 1.32 2018/02/19 00:55:02 djm Exp $