From 1cd8e7ef3dc7538cc0a0a4d8f38eeb3fd24f1872 Mon Sep 17 00:00:00 2001
From: Paul Kehrer <paul.l.kehrer@gmail.com>
Date: Tue, 20 Oct 2015 08:47:10 -0500
Subject: add a little bit about ECDHE

---
 docs/hazmat/primitives/asymmetric/ec.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/docs/hazmat/primitives/asymmetric/ec.rst b/docs/hazmat/primitives/asymmetric/ec.rst
index e4df9b10..2fac6d71 100644
--- a/docs/hazmat/primitives/asymmetric/ec.rst
+++ b/docs/hazmat/primitives/asymmetric/ec.rst
@@ -147,6 +147,10 @@ Elliptic Curve Key Exchange algorithm
         ... ).public_key()
         >>> shared_key = private_key.exchange(ec.ECDH(), peer_public_key)
 
+    ECDHE (or EECDH), the ephemeral form of this exchange, is **strongly
+    preferred** over simple ECDH and provides `forward secrecy`_ when used.
+    You must generate a new private key using :func:`generate_private_key` for
+    each ``exchange`` when performing an ECDHE key exchange.
 
 Elliptic Curves
 ---------------
@@ -470,3 +474,4 @@ Key Interfaces
 .. _`SafeCurves`: http://safecurves.cr.yp.to/
 .. _`ECDSA`: https://en.wikipedia.org/wiki/ECDSA
 .. _`EdDSA`: https://en.wikipedia.org/wiki/EdDSA
+.. _`forward secrecy`: https://en.wikipedia.org/wiki/Forward_secrecy
-- 
cgit v1.2.3