1 files changed, 33 insertions, 0 deletions

diff --git a/spec/rend-spec/managing-streams.md b/spec/rend-spec/managing-streams.md
new file mode 100644
index 0000000..9eb1e82
--- /dev/null
+++ b/spec/rend-spec/managing-streams.md
@@ -0,0 +1,33 @@
+
+# Managing streams
+
+## Sending BEGIN messages { #send-begin }
+
+In order to open a new stream to an onion service,
+the client sends a BEGIN message on an established rendezvous circuit.
+
+When sending a BEGIN message to an onion service,
+a client should use an empty string as the target address,
+and not set any flags on the begin message.
+
+> For example, to open a connection to `<some_addr>.onion`
+> on port 443, a client would send a BEGIN message with
+> the address:port string of `":443"`, and a `FLAGS` value of 0.
+> The 0-values `FLAGS` would not be encoded, according to
+> the instructions for [encoding BEGIN messages](../tor-spec/opening-streams.md#opening).
+
+## Receiving BEGIN messages { #receive-begin }
+
+When a service receives a BEGIN message, it should check its port,
+_and ignore all other fields in the begin message_, including its
+address and flags.
+
+If a service chooses to reject a BEGIN message, it should typically
+destroy the circuit entirely to prevent port scanning,
+resource exhaustion, and other undesirable behaviors.
+But if it rejects the BEGIN without destroy the circuit,
+it should send back an `END` message with the `DONE` reason,
+to avoid leaking any further information.
+
+If the service chooses to accept the BEGIN message,
+it should send back a CONNECTED message with an empty body.