--- gvpe/NEWS	2014/01/16 07:53:44	1.121
+++ gvpe/NEWS	2014/01/17 19:47:08	1.122
@@ -5,27 +5,14 @@
 TODO: replace ripemd160 as the only authentication hash.
 TODO: increase rsa size.
 TODO: replace transport bits by transport endpoint structs?
-TODO: ecdh to avoid session replay attacks
 TODO: http://incog-izick.blogspot.de/2011/08/using-openssl-aes-gcm.html
 TODO: http://stackoverflow.com/questions/12153009/openssl-c-example-of-aes-gcm-using-evp-interfaces
 
-proposed: 3 types, req, resreq, res
-
-req (hmac1) rsa(seqno1 hmac1 aes1 seqno2 hmac2 aes2 auth) ecdh1
-res (hmac1) hash(rsa-contents) ecdh2
-
-req hmac0(*) rsa(seqno hmac0 hmac aes auth) hkdf-salt ecdh1
-res hmac0(rsa-contents ecdh2)
-   hmac_key = hkdf(hkdf-salt, hmac | ecdh)
-   aes_key  = hkdf(hkdf-salt, aes  | ecdh)
-
-TODO: protocol magic fixen(!!!)
-TODO: "global"
 TODO: verify
 TODO: make sense of overhead calculation
 TODO: if-up &c should not be scripts?
-TODO: low-power
 TODO: ipv6
+TODO: gvpectrl should not use default privatekey,. or maybe document it better
 	- INCOMPATIBLE CHANGE: core protocol version 1.0.
         - INCOMPATIBLE CHANGE: node sextions are now introduced
           with "node nodename", not "node = nodename".