1 files changed, 9 insertions, 9 deletions

diff --git a/spec/rend-spec-v3/protocol-overview.md b/spec/rend-spec-v3/protocol-overview.md
index 173240e..afc2dd1 100644
--- a/spec/rend-spec-v3/protocol-overview.md
+++ b/spec/rend-spec-v3/protocol-overview.md
@@ -8,7 +8,7 @@ fully below, when we specify the protocol in more detail.
 
 <a id="rend-spec-v3.txt-1.1"></a>
 
-## View from 10,000 feet
+## View from 10,000 feet {#10000-feet}
 
 A hidden service host prepares to offer a hidden service by choosing
 several Tor nodes to serve as its introduction points. It builds
@@ -47,7 +47,7 @@ communicate data on those streams, and so forth.
 
 <a id="rend-spec-v3.txt-1.2"></a>
 
-## In more detail: naming hidden services \[NAMING\]
+## In more detail: naming hidden services {#NAMING}
 
 A hidden service's name is its long term master identity key.  This is
 encoded as a hostname by encoding the entire key in Base 32, including a
@@ -73,7 +73,7 @@ their length. An older name might look like:
 
 <a id="rend-spec-v3.txt-1.3"></a>
 
-## In more detail: Access control \[IMD:AC\]
+## In more detail: Access control {#IMD:AC}
 
 Access control for a hidden service is imposed at multiple points through
 the process above. Furthermore, there is also the option to impose
@@ -108,7 +108,7 @@ require the client to prove knowledge of a pre-shared private key.
 
 <a id="rend-spec-v3.txt-1.4"></a>
 
-## In more detail: Distributing hidden service descriptors. \[IMD:DIST\]
+## In more detail: Distributing hidden service descriptors. {#IMD:DIST}
 
 Periodically, hidden service descriptors become stored at different
 locations to prevent a single directory or small set of directories
@@ -153,7 +153,7 @@ until the new keys come online.
 
 <a id="rend-spec-v3.txt-1.5"></a>
 
-## In more detail: Scaling to multiple hosts
+## In more detail: Scaling to multiple hosts {#imd-scaling}
 
 This design is compatible with our current approaches for scaling hidden
 services. Specifically, hidden service operators can use onionbalance to
@@ -175,7 +175,7 @@ introduction points.
 
 <a id="rend-spec-v3.txt-1.7"></a>
 
-## In more detail: Keeping crypto keys offline
+## In more detail: Keeping crypto keys offline {#imd-offline-keys}
 
 In this design, a hidden service's secret identity key may be
 stored offline.  It's used only to generate blinded signing keys,
@@ -202,7 +202,7 @@ implemented as of 0.3.2.1-alpha.)
 
 <a id="rend-spec-v3.txt-1.8"></a>
 
-## In more detail: Encryption Keys And Replay Resistance
+## In more detail: Encryption Keys And Replay Resistance {#imd-encryption-keys}
 
 To avoid replays of an introduction request by an introduction point,
 a hidden service host must never accept the same request
@@ -213,7 +213,7 @@ discussion.)
 
 <a id="rend-spec-v3.txt-1.9"></a>
 
-## In more detail: A menagerie of keys
+## In more detail: A menagerie of keys {#imd-key-menagerie}
 
 \[In the text below, an "encryption keypair" is roughly "a keypair you
 can do Diffie-Hellman with" and a "signing keypair" is roughly "a
@@ -292,7 +292,7 @@ Public/private keypairs defined in this document:
 
 <a id="rend-spec-v3.txt-1.9.1"></a>
 
-### In even more detail: Client authorization keys \[CLIENT-AUTH\]
+### In even more detail: Client authorization keys {#CLIENT-AUTH}
 
 When client authorization is enabled, each authorized client of a hidden
 service has two more asymmetric keypairs which are shared with the hidden