Negotiating channels: Clarify and adjust.

1 files changed, 6 insertions, 13 deletions

diff --git a/spec/tor-spec/negotiating-channels.md b/spec/tor-spec/negotiating-channels.md
index fbd3d6a..b428594 100644
--- a/spec/tor-spec/negotiating-channels.md
+++ b/spec/tor-spec/negotiating-channels.md
@@ -167,13 +167,6 @@ A CERTS cell MUST have no more than one certificate of any CertType.
 
 ### Authenticating the responder from its CERTS {#auth-responder}
 
-When the initiator is required
-by other parts of this specification
-to verify the identity of the responder,
-the responder must provide a CERTS cell as follows:
-
-XXXX ^ but I think this is always required?  So surely this should be
-
 The responder's CERTS cell is as follows:
 
 - The CERTS cell contains exactly one CertType 4 Ed25519
@@ -209,9 +202,9 @@ has the identity `KP_relayid_ed`.
 
 ### Validating an initiator's CERTS {#validate-initiator-certs}
 
-When the responder is required
-by other parts of this specification
-to verify the identity of the initiator,
+When required
+by [other parts of this specification](./channels.md#does-initiator-authenticate);
+to prove its identity,
 the initiator must provide a CERTS cell.
 
 > Recall that
@@ -219,8 +212,8 @@ the initiator must provide a CERTS cell.
 > bridges and clients do not prove their identity.
 
 The initiator's CERTS cell must conform to the rules
-for the responder's CERTS cell (see above)
-[mutatis mutandis](https://en.wikipedia.org/wiki/Mutatis_mutandis),
+for the responder's CERTS cell (see above,
+exchanging "initiator" and "responder")
 except that:
 
 **Instead** of containg a `SIGNING_V_TLS_CERT`,
@@ -235,7 +228,7 @@ The responder must check all of the CERTS cell's properties
 (as stated here, and in the previous section).
 If this is successful
 **and**
-the initiator can send a valid
+the initiator later sends a valid
 [AUTHENTICATE cell](#AUTHENTICATE-cells),
 then the initiator has ownership of the presented `KP_relayid_ed`.