Diffstat (limited to 'doc/spec')
-rw-r--r-- | doc/spec/rend-spec.txt | 100 |
1 files changed, 54 insertions, 46 deletions
diff --git a/doc/spec/rend-spec.txt b/doc/spec/rend-spec.txt index e5bc18e836..3de6d1dfb5 100644 --- a/doc/spec/rend-spec.txt +++ b/doc/spec/rend-spec.txt @@ -104,14 +104,14 @@ 0.3. Constants and new cell types Relay cell types - 32 -- RELAY_ESTABLISH_INTRO - 33 -- RELAY_ESTABLISH_RENDEZVOUS - 34 -- RELAY_INTRODUCE1 - 35 -- RELAY_INTRODUCE2 - 36 -- RELAY_RENDEZVOUS1 - 37 -- RELAY_RENDEZVOUS2 - 38 -- RELAY_INTRO_ESTABLISHED - 39 -- RELAY_RENDEZVOUS_ESTABLISHED + 32 -- RELAY_COMMAND_ESTABLISH_INTRO + 33 -- RELAY_COMMAND_ESTABLISH_RENDEZVOUS + 34 -- RELAY_COMMAND_INTRODUCE1 + 35 -- RELAY_COMMAND_INTRODUCE2 + 36 -- RELAY_COMMAND_RENDEZVOUS1 + 37 -- RELAY_COMMAND_RENDEZVOUS2 + 38 -- RELAY_COMMAND_INTRO_ESTABLISHED + 39 -- RELAY_COMMAND_RENDEZVOUS_ESTABLISHED 40 -- RELAY_COMMAND_INTRODUCE_ACK 0.4. Version overview @@ -406,7 +406,7 @@ The OP establishes a new introduction circuit to each introduction point. These circuits MUST NOT be used for anything but hidden service introduction. To establish the introduction, Bob sends a - RELAY_ESTABLISH_INTRO cell, containing: + RELAY_COMMAND_ESTABLISH_INTRO cell, containing: KL Key length [2 octets] PK Introduction public key [KL octets] 
@@ -429,15 +429,19 @@ check fails, the OP discards the cell; otherwise, it associates the circuit with Bob's public key, and dissociates any other circuits currently associated with PK. On success, the OR sends Bob a - RELAY_INTRO_ESTABLISHED cell with an empty payload. - - Bob's OP does not include its own public key in the RELAY_ESTABLISH_INTRO - cell, but the public key of a freshly generated introduction key pair. - The OP also includes these fresh public keys in the v2 hidden service - descriptor together with the other introduction point information. The - reason is that the introduction point does not need to and therefore - should not know for which hidden service it works, so as to prevent it - from tracking the hidden service's activity. + RELAY_COMMAND_INTRO_ESTABLISHED cell with an empty payload. + + Bob's OP uses either Bob's public key or a freshly generated, single-use + service key in the RELAY_COMMAND_ESTABLISH_INTRO cell, depending on the + configured hidden service descriptor version. The public key is used for + v0 descriptors, the service key for v2 descriptors. In the latter case, the + service keys of all introduction points are included in the v2 hidden + service descriptor together with the other introduction point information. + The reason is that the introduction point does not need to and therefore + should not know for which hidden service it works, so as to prevent it from + tracking the hidden service's activity. If the hidden service is configured + to publish both v0 and v2 descriptors, two separate sets of introduction + points are established. 1.4. Bob's OP advertises his service descriptor(s). 
@@ -551,7 +555,7 @@ and Alice's OP does not have an established circuit to that service, the OP builds a rendezvous circuit. It does this by establishing a circuit to a randomly chosen OR, and sending a - RELAY_ESTABLISH_RENDEZVOUS cell to that OR. The body of that cell + RELAY_COMMAND_ESTABLISH_RENDEZVOUS cell to that OR. The body of that cell contains: RC Rendezvous cookie [20 octets] @@ -561,9 +565,9 @@ The rendezvous cookie is an arbitrary 20-byte value, chosen randomly by Alice's OP. - Upon receiving a RELAY_ESTABLISH_RENDEZVOUS cell, the OR associates the - RC with the circuit that sent it. It replies to Alice with an empty - RELAY_RENDEZVOUS_ESTABLISHED cell to indicate success. + Upon receiving a RELAY_COMMAND_ESTABLISH_RENDEZVOUS cell, the OR associates + the RC with the circuit that sent it. It replies to Alice with an empty + RELAY_COMMAND_RENDEZVOUS_ESTABLISHED cell to indicate success. Alice's OP MUST NOT use the circuit which sent the cell for any purpose other than rendezvous with the given location-hidden service. @@ -571,7 +575,7 @@ 1.8. Introduction: from Alice's OP to Introduction Point Alice builds a separate circuit to one of Bob's chosen introduction - points, and sends it a RELAY_INTRODUCE1 cell containing: + points, and sends it a RELAY_COMMAND_INTRODUCE1 cell containing: Cleartext PK_ID Identifier for Bob's PK [20 octets] @@ -601,7 +605,7 @@ The hybrid encryption to Bob's PK works just like the hybrid encryption in CREATE cells (see tor-spec). Thus the payload of the - version 0 RELAY_INTRODUCE1 cell on the wire will contain + version 0 RELAY_COMMAND_INTRODUCE1 cell on the wire will contain 20+42+16+20+20+128=246 bytes, and the version 1 and version 2 introduction formats have other sizes. 
@@ -612,7 +616,7 @@ If Alice has downloaded a v2 descriptor, she uses the contained public key ("service-key") instead of Bob's public key to create the - RELAY_INTRODUCE1 cell as described above. + RELAY_COMMAND_INTRODUCE1 cell as described above. 1.8.1. Other introduction formats we don't use. 
@@ -637,24 +641,27 @@ If the Introduction Point recognizes PK_ID as a public key which has established a circuit for introductions as in 1.3 above, it sends the body - of the cell in a new RELAY_INTRODUCE2 cell down the corresponding circuit. - (If the PK_ID is unrecognized, the RELAY_INTRODUCE1 cell is discarded.) - - After sending the RELAY_INTRODUCE2 cell, the OR replies to Alice with an - empty RELAY_COMMAND_INTRODUCE_ACK cell. If no RELAY_INTRODUCE2 cell can - be sent, the OR replies to Alice with a non-empty cell to indicate an - error. (The semantics of the cell body may be determined later; the - current implementation sends a single '1' byte on failure.) - - When Bob's OP receives the RELAY_INTRODUCE2 cell, it decrypts it with - the private key for the corresponding hidden service, and extracts the + of the cell in a new RELAY_COMMAND_INTRODUCE2 cell down the corresponding + circuit. (If the PK_ID is unrecognized, the RELAY_COMMAND_INTRODUCE1 cell is + discarded.) + + After sending the RELAY_COMMAND_INTRODUCE2 cell, the OR replies to Alice + with an empty RELAY_COMMAND_INTRODUCE_ACK cell. If no + RELAY_COMMAND_INTRODUCE2 cell can be sent, the OR replies to Alice with a + non-empty cell to indicate an error. (The semantics of the cell body may be + determined later; the current implementation sends a single '1' byte on + failure.) + + When Bob's OP receives the RELAY_COMMAND_INTRODUCE2 cell, it decrypts it + with the private key for the corresponding hidden service, and extracts the rendezvous point's nickname, the rendezvous cookie, and the value of g^x chosen by Alice. 1.10. Rendezvous Bob's OP builds a new Tor circuit ending at Alice's chosen rendezvous - point, and sends a RELAY_RENDEZVOUS1 cell along this circuit, containing: + point, and sends a RELAY_COMMAND_RENDEZVOUS1 cell along this circuit, + containing: RC Rendezvous cookie [20 octets] g^y Diffie-Hellman [128 octets] KH Handshake digest [20 octets] 
@@ -662,7 +669,7 @@ (Bob's OP MUST NOT use this circuit for any other purpose.) If the RP recognizes RC, it relays the rest of the cell down the - corresponding circuit in a RELAY_RENDEZVOUS2 cell, containing: + corresponding circuit in a RELAY_COMMAND_RENDEZVOUS2 cell, containing: g^y Diffie-Hellman [128 octets] KH Handshake digest [20 octets] @@ -670,10 +677,10 @@ (If the RP does not recognize the RC, it discards the cell and tears down the circuit.) - When Alice's OP receives a RELAY_RENDEZVOUS2 cell on a circuit which - has sent a RELAY_ESTABLISH_RENDEZVOUS cell but which has not yet received - a reply, it uses g^y and H(g^xy) to complete the handshake as in the Tor - circuit extend process: they establish a 60-octet string as + When Alice's OP receives a RELAY_COMMAND_RENDEZVOUS2 cell on a circuit which + has sent a RELAY_COMMAND_ESTABLISH_RENDEZVOUS cell but which has not yet + received a reply, it uses g^y and H(g^xy) to complete the handshake as in + the Tor circuit extend process: they establish a 60-octet string as K = SHA1(g^xy | [00]) | SHA1(g^xy | [01]) | SHA1(g^xy | [02]) and generate KH = K[0..15] @@ -692,7 +699,7 @@ 1.11. Creating streams To open TCP connections to Bob's location-hidden service, Alice's OP sends - a RELAY_BEGIN cell along the established circuit, using the special + a RELAY_COMMAND_BEGIN cell along the established circuit, using the special address "", and a chosen port. Bob's OP chooses a destination IP and port, based on the configuration of the service connected to the circuit, and opens a TCP stream. From then on, Bob's OP treats the stream as an 
@@ -700,9 +707,10 @@ [ Except he doesn't include addr in the connected cell or the end cell. -RD] - Alice MAY send multiple RELAY_BEGIN cells along the circuit, to open - multiple streams to Bob. Alice SHOULD NOT send RELAY_BEGIN cells for any - other address along her circuit to Bob; if she does, Bob MUST reject them. + Alice MAY send multiple RELAY_COMMAND_BEGIN cells along the circuit, to open + multiple streams to Bob. Alice SHOULD NOT send RELAY_COMMAND_BEGIN cells + for any other address along her circuit to Bob; if she does, Bob MUST reject + them. 2. Authentication and authorization. |
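Review bot: In the @@ -429,15 +429,19 @@ hunk, the sentence "The reason is that the introduction point does not need to and therefore should not know for which hidden service it works" now follows text covering both the v0 and the v2 case, but it only justifies the v2 service key. With a v0 descriptor the cell carries Bob's public key, so the introduction point can tell which service it is working for. Suggest wording it as "The reason for using a service key is that ..." and stating the v0 consequence explicitly. The field in the cell layout of the preceding hunk is still labelled "Introduction public key" while the new paragraph says "service key"; use one term for both.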
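Review bot: In the @@ -637,24 +641,27 @@ hunk, the re-wrapped sentence still says Bob's OP decrypts the INTRODUCE2 cell "with the private key for the corresponding hidden service", while the @@ -612,7 +616,7 @@ context says Alice uses the "service-key" instead of Bob's public key when she has a v2 descriptor. Suggest saying that the OP decrypts with the private part of whichever key it sent in RELAY_COMMAND_ESTABLISH_INTRO on that circuit. In the same hunk, "the RELAY_COMMAND_INTRODUCE1 cell is discarded" for an unrecognized PK_ID reads as conflicting with the next paragraph's non-empty error reply when no INTRODUCE2 cell can be sent; state which behaviour applies.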
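Review bot: In the @@ -670,10 +677,10 @@ hunk, the trailing context defines "KH = K[0..15]", which is 16 octets, but the RENDEZVOUS1 and RENDEZVOUS2 layouts in the lines just above declare "KH Handshake digest [20 octets]". Since this paragraph is being re-wrapped anyway, reconcile the two, or note where the authoritative definition of KH lives, so an implementer does not compare digests of different lengths.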
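Review bot: RELAY_COMMAND_BEGIN, introduced in the @@ -692,7 +699,7 @@ hunk and again in the following one, does not appear in the constants list of section 0.3 in this file, which covers only values 32 through 40. Add a "(see tor-spec)" pointer at first use and confirm the renamed identifier matches the name used there, otherwise this rename makes the two specs diverge for a cell type this document does not define.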