Merge branch 'rend_connected_empty' into 'main'

Misc clarifications around CONNECTED and BEGIN behavior

See merge request tpo/core/torspec!237

2 files changed, 16 insertions, 2 deletions

diff --git a/spec/rend-spec/managing-streams.md b/spec/rend-spec/managing-streams.md
index a32a352..9eb1e82 100644
--- a/spec/rend-spec/managing-streams.md
+++ b/spec/rend-spec/managing-streams.md
@@ -25,7 +25,9 @@ address and flags.
 If a service chooses to reject a BEGIN message, it should typically
 destroy the circuit entirely to prevent port scanning,
 resource exhaustion, and other undesirable behaviors.
-If it does not, it should send back an `END` message with the `DONE` reason,
+But if it rejects the BEGIN without destroy the circuit,
+it should send back an `END` message with the `DONE` reason,
 to avoid leaking any further information.
 
-
+If the service chooses to accept the BEGIN message,
+it should send back a CONNECTED message with an empty body.
diff --git a/spec/tor-spec/opening-streams.md b/spec/tor-spec/opening-streams.md
index 757f776..799b4dc 100644
--- a/spec/tor-spec/opening-streams.md
+++ b/spec/tor-spec/opening-streams.md
@@ -68,6 +68,18 @@ payload is in one of the following formats:
        A number of seconds (TTL) for which the address may be cached [4 octets]
 ```
 
+Implementations MUST accept either of these formats,
+and MUST also accept an empty RELAY_CONNECTED message body.
+
+Implmentations MAY ignore the address value,
+and MAY choose not to cache it.
+If an implementation chooses to cache the address,
+it SHOULD NOT reuse that address with any other circuit.
+
+> The reason not to cache an address
+> is that the exit might have lied about the actual address of the host,
+> or might have given us a unique address to identify us in the future.
+
 \[Tor exit nodes before 0.1.2.0 set the TTL field to a fixed value.  Later
 versions set the TTL to the last value seen from a DNS server, and expire
 their own cached entries after a fixed interval.  This prevents certain