@node PAKE
-@section Password Authenticated Key Agreement
+@subsection Password Authenticated Key Agreement
Previously we used pre-shared high-entropy long-term static key for
client-server authentication. Is is secure, but not convenient for some
entropy source.
Passphrases are entered directly by the human on the client side. Server
-side stores previously shared so-called @ref{Verifier}. Verifier contains
-dictionary attack resistant password derivative. Attacker can not use it
-to act as a client.
+side stores previously shared so-called @ref{Verifier, verifier}. Verifier
+contains dictionary attack resistant password derivative. Attacker can not
+use it to act as a client.