From 1c5664313643f629e8bd330e67de8abea98f9b56 Mon Sep 17 00:00:00 2001
From: David Anderson <danderson@tailscale.com>
Date: Mon, 18 Oct 2021 10:50:13 -0700
Subject: [PATCH] disco: amplify comment that disco ping's NodeKey shouldn't be
 trusted by itself.

Signed-off-by: David Anderson <danderson@tailscale.com>
---
 disco/disco.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/disco/disco.go b/disco/disco.go
index b0476bba1..ffd69e581 100644
--- a/disco/disco.go
+++ b/disco/disco.go
@@ -110,11 +110,12 @@ type Ping struct {
 	// TxID is a random client-generated per-ping transaction ID.
 	TxID [12]byte
 
-	// NodeKey is the ping sender's wireguard public key.  Old
-	// clients (~1.16.0 and earlier) don't send this field.  It
-	// shouldn't be trusted by itself. But if present and the
-	// netmap's peer for this NodeKey's DiscoKey matches the
-	// sender of this disco key, they it can be.
+	// NodeKey is allegedly the ping sender's wireguard public key.
+	// Old clients (~1.16.0 and earlier) don't send this field.
+
+	// It shouldn't be trusted by itself, but can be combined with
+	// netmap data to reduce the discokey:nodekey relation from 1:N to
+	// 1:1.
 	NodeKey tailcfg.NodeKey
 }