update spec

README.md

@@ -76,41 +76,13 @@ The broadcast procedure is follow.
 This procedure will cause tolerable amount of packet storm, but it will also serve good purpose of re-sending packet if previous was dropped on network path
 
 
-## Host-to-node introduction
+# Encryption
 
-All hosts must be pre-configured with node public key.
+For host-to-node and node-to-node communication AES-256 symmetric cipher is used.
 
+Each node has node key, and for each host node stores host key. The host must be configured with its host key, provided by node.
 
-When host is not introduced to a node
-- Host didn't configured host private key
-- Node does not have host public key
-
-
-The following procude must be done:
-1. Host forms "introduction" packet containing:
-- Host ID
-- Host name
-- Host public key
-2. Host encrypts this packet with node public key
-3. On success, node replies with greeting packet encrypted with host public key
-4. Host determines success by ability to decrypt with host private key and verifying "protocol magic byte sequence"
-
-After host introduction, host will be able to query and heartbeat to a node.
-
-
-## Node-to-node introduction
-
-The first node in network must configure it's node public and private key.
-Node public key will be shared to hosts by outside means of configuration.
-
-
-All nodes share same node key pair.
-
-
-Node introduction is consequence of state sync/broadcast. Node encrypts packet for another node using NODE PRIVATE KEY and sends it over Interior connection, while target node decrypts with public node key. That way, no host can node-sync to node.
-
-Node should never node-sync to a host, since host can decrypt sync packet using already pre-configured node public key. That's usually no issue when all nodes configured with proper ACLs and initial neighbor lists.
-
+Node key is used only for node-to-node and must be kept private, unless another node is being deployed.
 
 ## Software architecture