From 217f1ed50772aaa0c7719a4a71433774cb64ce05 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Tue, 28 Nov 2023 23:26:37 +0100
Subject: [PATCH] Add TODO about session-key reuse in SEIPDv2

---
 book/source/10-encryption.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/book/source/10-encryption.md b/book/source/10-encryption.md
index 37318dc..42b95eb 100644
--- a/book/source/10-encryption.md
+++ b/book/source/10-encryption.md
@@ -129,6 +129,14 @@ The session-key can use a different symmetric algorithm than the message-key.
 With SEIPDv2, the message-key is derived from the session-key in an extra step.
 ```
 
+```{admonition} TODO
+:class: warning
+
+Explain, that with SEIPDv2, a session-key can essentially protect more than one message by reusing the same session-key and *ESK packets with a fresh, per-message salt.
+
+This might very well go into the advanced topics section though.
+```
+
 ## Advanced topics
 
 ### Encrypt to multiple/single subkey per certificate?