+.SH "HOST CONFIGURATION FILES"
+The host configuration files contain all information needed to establish a
+connection to those hosts. A host configuration file is also required for the
+local tinc daemon, it will use it to read in it's listen port, public key and
+subnets.
+
+The idea is that these files are ``portable''. You can safely mail your own host
+configuration file to someone else. That other person can then copy it to his
+own hosts directory, and now his tinc daemon will be able to connect to your
+tinc daemon. Since host configuration files only contain public keys, no secrets
+are revealed by sending out this information.
+.PP
+.TP
+\fBAddress\fR = <\fIIP address\fR> (required)
+The real address or hostname of this tinc daemon.
+.TP
+\fBPort\fR = <\fIport number\fR> (655)
+The port on which this tinc daemon is listening for incoming connections.
+.TP
+\fBPublicKey\fR = <\fIkey\fR> (required)
+The public RSA key of this tinc daemon. It will be used to cryptographically
+verify it's identity and to set up a secure connection.
+.TP
+\fBSubnet\fR = <\fIaddress/masklength\fR> (optional)
+The subnet which this tinc daemon will serve. tinc tries to look up which other
+daemon it should send a packet to by searching the appropiate subnet. If the
+packet matches a subnet, it will be sent to the daemon who has this subnet in his
+host configuration file. Multiple subnet lines can be specified.
+
+At the moment, this directive is only used in the host configuration file of
+the local tinc daemon itself. In upcoming versions of tinc, it will be possible to
+restrict other hosts in which subnets they server.
+
+The subnets must be in a form like \fI192.168.1.0/24\fR, where 192.168.1.0 is the
+network address and 24 is the number of bits set in the netmask. Note that subnets
+like \fI192.168.1.1/24\fR are invalid! Read a networking howto/FAQ/guide if you
+don't understand this.