--- a/handouts/ho05.tex Fri Oct 28 01:03:10 2016 +0100
+++ b/handouts/ho05.tex Sat Nov 05 17:09:05 2016 +0000
@@ -3,7 +3,7 @@
\usepackage{../langs}
\begin{document}
-\fnote{\copyright{} Christian Urban, 2014}
+\fnote{\copyright{} Christian Urban, King's College London, 2014, 2016}
%% the expectation is that anything encrypted today, will be
%% decrypted in 20 years time
@@ -95,7 +95,7 @@
The common characteristics of the protocols we are interested
in is that an adversary or attacker is assumed to be in
-complete control over the network or channel over which we
+complete control of the network or channel over which we
exchanging messages. An attacker can install a packet sniffer
on a network, inject packets, intercept packets, modify
packets, replay old messages, or fake pretty much everything
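Review bot: the unchanged context line directly after the change, "over which we exchanging messages", is still ungrammatical and this hunk is the natural place to fix it; suggest "over which we are exchanging messages" (or "over which we exchange messages") so the sentence reads "complete control of the network or channel over which we exchange messages."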
@@ -573,9 +573,12 @@
organisations, VeriSign, has limited its liability to \$100 in
case it issues a false certificate. This is really a joke and
really the wrong incentive for the certification organisations
-to clean up their mess.
+to clean up their mess. The problem is compounded that
+browser vendors also play a crucial role for this to
+work (and they might have completely different incentives
+according to which they operate).
-The problem we want to study closer here is that protocols
+The problem we want to study closer now is that protocols
based on public-private key encryption are susceptible to
simple person-in-the-middle attacks. Consider the following
protocol where $A$ and $B$ attempt to exchange secret messages
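Review bot: the new sentence "The problem is compounded that browser vendors also play a crucial role for this to work" is missing a connective; suggest "The problem is compounded by the fact that browser vendors also play a crucial role for this to work (and they might have completely different incentives according to which they operate)." The parenthetical itself reads fine.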
@@ -604,8 +607,8 @@
\noindent Since we assume an attacker, say $E$, has complete
control over the network, $E$ can intercept the first two
-messages and substitutes her own public key. The protocol
-run would therefore be
+messages and substitutes her own public key. The resulting protocol
+run would be
\begin{center}
\begin{tabular}{ll@{\hspace{2mm}}l}
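Review bot: the earlier hunk in this patch changed "complete control over the network" to "complete control of the network", but the context line "has complete control over the network" here keeps the old wording; pick one phrasing and apply it in both places so the handout is consistent. The rewording "The resulting protocol run would be" is an improvement.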
@@ -803,17 +806,18 @@
\end{minipage}}}\bigskip
\noindent
-I hope you have thought about all these questions. Maybe you noticed that
-there is a way to defeat the lockstep protocol. If an attacker could only
-forward the (unmodified) messages, then all would be great. Because then
-it could be used to establish secret keys using the Hellman-Diffie
-technique (see further reading). That $E$ was able to decrypt all messages
-is of no importance for the Hellman-Diffie
-technique.
+I hope you have thought about all these questions. $E$ cannot modify
+the received messages---$A$ and $B$ woudl find this out. To stay
+undetected, $E$ can only forward the messages (unmodified) and this is
+all what $A$ and $B$ need in order to establish a shared secret. For
+example they can use the Hellman-Diffie key exchange protocol (see
+further reading) which works, even if $E$ can decrypt all messages.
-Unfortunately, $E$ can create completely fake messages. Let
-us look at this possibility: $E$ intercepts again the keys from $A$
-and $B$, and substitutes its own keys.
+All good? Unfortunately, there is a way to defeat this lockstep
+protocol---the name of this protocol that halves the messages. The
+problem is $E$ can create completely fake messages. Let us look at
+this possibility: $E$ intercepts again the keys from $A$ and $B$, and
+substitutes its own keys.
\begin{center}
\begin{tabular}{ll@{\hspace{2mm}}l}
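Review bot: the added text has a typo, "woudl" should be "would", and "this is all what $A$ and $B$ need" should be "this is all that $A$ and $B$ need". Separately, both the removed and the added lines call the key exchange "Hellman-Diffie"; the protocol is conventionally named Diffie-Hellman, and since the further-reading pointer will be looked up under that name, suggest correcting it here while the paragraph is being rewritten. The clause "the name of this protocol that halves the messages" is also hard to parse; something like "this lockstep protocol (so called because it halves the messages)" would make clear that "lockstep" is the name being explained.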