Clarifications.

diff --git a/ykpersonalize.1 b/ykpersonalize.1
index 6ef28c2ed698b09ef34f7eab0e338156a17b920e..bf8b69e6f888965120d80192508053d27d19a311 100644 (file)
--- a/ykpersonalize.1
+++ b/ykpersonalize.1
@@ -43,7 +43,8 @@ ykpersonalize - personalize Yubikey OTP tokens
 .PP
 Set the AES key, user ID and other settings in a Yubikey.  For the complete
 explanation of the meaning of all parameters, see the reference
-manual: http://yubico.com/files/YubiKey_manual-2.0.pdf
+manual:
+.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual"
 .TP
 \fB\-1\fR
 change the first configuration.  This is the default and is
@@ -81,21 +82,23 @@ Salt to be used when deriving key from a password.
 If none is given, a unique random one will be generated.
 .TP
 \fBfixed\fR=\fIfffffffffff\fR
-The public modhex identity of key, 0-16 characters long.
+The modhex \fIpublic identity\fR of the Yubikey, 0-16 characters long.
 It's possible to give the identity in hex as well, just prepend the
 value with `h:'. The fixed part is emitted before the OTP when the
-button on the YubiKey is pressed. It can be used as an identifier for
+button on the Yubikey is pressed. It can be used as an identifier for
 the user, for example.
 .TP
 \fBuid\fR=\fIuuuuuu\fR
-The uid part of the generated ticket, in hex.
-Must be 12 characters long. The uid is 6 bytes of data that is encrypted
-in every OTP, and is used to validate that an OTP was in fact encrypted
-with the AES key shared between the YubiKey and validation service.
+The uid part of the generated OTP, in hex.
+Must be 12 characters long. The uid is 6 bytes of static data that is included
+(encrypted) in every OTP, and is used to validate that an OTP was in fact encrypted
+with the AES key shared between the Yubikey and the validation service. It cannot
+be used to identify the Yubikey as it is only readable to those that know
+the AES key.
 .TP
 \fBaccess\fR=\fIfffffffffff\fR
-New hex access code to set.
-Must be 12 characters long.
+New hex access code to set. Must be 12 characters long.
+If an access code is set, it will be required for subsequent reprogramming of the Yubikey.
 .TP 
 [\-]\fIticket-flag\fR
 Set/clear ticket flag, see the section `Ticket flags\&'
@@ -233,7 +236,7 @@ can be supplied with -a.
 .PP
 The token identifier can be set with the -ofixed= option.
 See section "5.3.4 - OATH-HOTP Token Identifier" of the
-.URL "http://static.yubico.com/var/uploads/pdfs/YubiKey_Manual_2010-09-16.pdf" "Yubikey manual"
+.URL "http://yubico.com/files/YubiKey_manual-2.0.pdf" "Yubikey manual"
 for details, but in short the token identifier is 2 bytes manufacturer prefix,
 2 bytes token type and then 8 bytes manufacturer unique ID.