From ba730a1924383815224551aaebc024c8eb7d0df6 Mon Sep 17 00:00:00 2001
From: Quentin Dufour <quentin@deuxfleurs.fr>
Date: Mon, 22 Jan 2024 18:11:24 +0100
Subject: [PATCH] fix per-user encryption page

---
 .../documentation/design/per-user-encryption.md | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/content/documentation/design/per-user-encryption.md b/content/documentation/design/per-user-encryption.md
index c7a9fea..14382e3 100644
--- a/content/documentation/design/per-user-encryption.md
+++ b/content/documentation/design/per-user-encryption.md
@@ -24,8 +24,19 @@ and decrypt them locally, exposing an IMAP proxy interface. An attacker having f
 will not be able to compromise your already received data (but can intercept new emails). It's similar to [Proton Mail Bridge](https://proton.me/fr/mail/bridge),
 but keep in mind that Aerogramme does not support (yet) end-to-end email encryption like Proton Mail or Tutanota, *so Aerogramme is less secure*.
 
-When run on server (both for the transparent and hardened flavor), Aerogramme must be started in the "provider mode", as in "email service provider".
+<!--When run on server (both for the transparent and hardened flavor), Aerogramme must be started in the "provider mode", as in "email service provider".
 When run on the end-user device (only the hardened flavor require that), Aerogramme must be started in the "companion mode", as in "a companion process of your email client".
-These 2 words are materialized as 2 subcommands on the Aerogramme binary: `aerogramme provider` and `aerogramme companion`.
+These 2 words are materialized as 2 subcommands on the Aerogramme binary: `aerogramme provider` and `aerogramme companion`.-->
 
-## Aerogramme "role"
+## Aerogramme roles
+
+The transparent flavor only requires Aerogramme to be run on the service provider server, while the hardened flavor require the end-user to run a local proxy.
+More specifically:
+
+**Provider** - Provider must be run by the service provider, it is used for both flavors. For the transparent flavor, it both receives emails through LMTP and expose
+the mailbox through IMAP. For the hardened mode, it only receives emails through LMTP, encrypt them with user's public key, but can't expose them through IMAP as the server
+can't decrypt them. Provider commands are available through the `aerogramme provider` subcommand.
+
+**Companion** - Companion must be run by the end user, it is used only for the hardened flavor. It fetches encrypted blobs from the server
+of the email provider, decrypt them locally, and expose the mailbox across the IMAP interface, acting as a local proxy.
+Companion commands are avaialble through the `aerogramme companion` subcommand.