diff --git a/src/foolscap/doc/using-foolscap.xhtml b/src/foolscap/doc/using-foolscap.xhtml index 9ddc88cec..ade5a60dd 100644 --- a/src/foolscap/doc/using-foolscap.xhtml +++ b/src/foolscap/doc/using-foolscap.xhtml @@ -145,10 +145,10 @@ listen on a port, and tell it the protocol/hostname/portnumber at which that port is accessibly to the outside world.

In general, the Tub will generate its own identity, the TubID, by -creating an SSL private key certificate and hashing it into a suitably-long +creating an SSL public key certificate and hashing it into a suitably-long random-looking string. This is the primary identifier of the Tub: everything else is just a location hint that suggests how the Tub might be -reached. The fact that the TubID is tied to the private key allows FURLs to +reached. The fact that the TubID is tied to the public key allows FURLs to be secure references (meaning that no third party can cause you to connect to the wrong reference). You can also create a Tub with a pre-existing certificate, which is how Tubs can retain a persistent identity @@ -236,7 +236,7 @@ application.

Using a persistent certificate

-

The Tub uses a TLS private-key certificate as the base of all its +

The Tub uses a TLS public-key certificate as the base of all its cryptographic operations. If you don't give it one when you create the Tub, it will generate a brand-new one.