One of the design goals for the authentication feature is to exchange session keys for bulk data encryption and integrity checks. As described in section 2.9, the "quality" of the random number generator is very important. Hence it should be possible to take advantage of strong session keys from, for instance, a server with special hardware for generating random data from a thermal noise source.
This can be accomplished by "mixing" the session keys generated by the client and the server. The mixing can be done by concatenating the keys and calculating a message digest, or by simply XOR-ing the client and server keys. The latter method is selected for the PGP authentication option.
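The two mixing methods described above, as an added example that is not code from the original document. The 16-byte key length, the function names and the use of SHA-256 as the message digest are assumptions; the XOR mix is only as strong as the better contribution when the two keys are chosen independently of each other.

```python
import hashlib
import secrets

KEY_LEN = 16  # assumed session-key length in bytes; the text does not state one


def mix_xor(client_key: bytes, server_key: bytes) -> bytes:
    """XOR mix, the method the text says is selected for the PGP option."""
    if len(client_key) != len(server_key):
        # zip() would silently truncate to the shorter key and weaken the result
        raise ValueError("XOR mixing needs keys of equal length")
    return bytes(c ^ s for c, s in zip(client_key, server_key))


def mix_digest(client_key: bytes, server_key: bytes) -> bytes:
    """Alternative mix: digest of the concatenated keys (SHA-256 assumed here)."""
    return hashlib.sha256(client_key + server_key).digest()


def demo():
    """A constructed worst-case client key mixed with a strong server key."""
    weak_client = bytes(KEY_LEN)                  # constructed: all-zero key
    strong_server = secrets.token_bytes(KEY_LEN)  # stands in for hardware RNG output
    return weak_client, strong_server, mix_xor(weak_client, strong_server)


if __name__ == "__main__":
    weak, strong, mixed = demo()
    print("client key :", weak.hex())
    print("server key :", strong.hex())
    # The server's entropy survives the mix even though the client added none.
    print("XOR mix    :", mixed.hex())
    print("digest mix :", mix_digest(weak, strong).hex())
```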
If authentication information is sent in only one direction, the session keys in that message must be used. If the authentication information is sent in both directions (mutual authentication), the following rules shall be used to select session keys: