diff --git a/addressing/README.md b/addressing/README.md index 23ddfb090..77c5007ee 100644 --- a/addressing/README.md +++ b/addressing/README.md @@ -393,13 +393,10 @@ connection involves 3 security protocol upgrades: 3. Upgrading the relayed connection from the source to the destination. The security protocol is specified by appending - `/p2p-circuit-inner/` to the full + `/p2p-circuit-security/` to the full address. - - - Example: `/p2p-circuit//p2p-circuit-inner/tls` + Example: `/p2p-circuit//p2p-circuit-security/tls` Note: One might be tempted to not specify (3) and simply use the security protocol in (2). This would break if the security protocol used for (2) can diff --git a/relay/circuit-v2.md b/relay/circuit-v2.md index cd173dbb7..40c956f62 100644 --- a/relay/circuit-v2.md +++ b/relay/circuit-v2.md @@ -301,10 +301,10 @@ be encapsulated in the multiaddr (see [The multiaddr security component section](../addressing/README.md#the-multiaddr-security-component)). A relayed connection is not an exception. A target advertises the support for a security protocol for relayed connections by appending -`/p2p-circuit-inner/` to its relayed multiaddresses. An +`/p2p-circuit-security/` to its relayed multiaddresses. An initiator may include any set of relayed multiaddr in the `peer` field of `HopMessage` on type `CONNECT` in which all addresses end with the same -`/p2p-circuit-inner/`. The initiator is thus signaling to the +`/p2p-circuit-security/`. The initiator is thus signaling to the target which security protocol, out of all advertised security protocols by the target, the initiator chose to use on the relayed connection. 
@@ -312,10 +312,10 @@ As an example, let's say the target listens for incoming relayed connections via relay `R1` and relay `R2`. In addition it supports both TLS Noise as security protocols. It would then advertise the following relayed multiaddresses: -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/tls` -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/noise` -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/tls` -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/noise` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/tls` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/noise` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/tls` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/noise` Once the initiator received the above multiaddresses and decides to initiate a relayed connection to the target, it needs to decide whether it wants to secure @@ -323,12 +323,12 @@ the relayed connection via TLS or Noise. Say it decides for Noise it would then include the multiaddresses below in it `HopMessage` with type `Connect` in the `peer` field: -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/noise` -- `/p2p-circuit/p2p/QmTarget/p2p-circuit-inner/noise` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/noise` +- `/p2p-circuit/p2p/QmTarget/p2p-circuit-security/noise` Note that all addresses sent by the initiator in the `peer` field MUST share the same security protocol for the relayed connection -(`/p2p-circuit-inner/`). +(`/p2p-circuit-security/`). ### Stop Protocol 
@@ -371,7 +371,7 @@ Common failure status codes are: #### Security protocol selection for the relayed connection A target may advertise support for different security protocols by advertising -multiple multiaddresses with different `/p2p-circuit-inner/` +multiple multiaddresses with different `/p2p-circuit-security/` suffixes. A target needs some mechanism to determine which of the advertised security protocols the initiator intends to use to secure an incoming relayed connection. The target can use the addresses included in the `target` field of @@ -379,7 +379,7 @@ the `StopMessage` to determine which security protocol the initiator chose to secure the relayed connection. Note that all addresses sent by the initiator MUST share the same security -protocol for the relayed connection (`/p2p-circuit-inner/`). +protocol for the relayed connection (`/p2p-circuit-security/`). Thus a target MUST abort the connection attempt (i.e. reset the stream) if it receives a `CONNECT` with varying security protocols for the relay connection.
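Review bot: the example in addressing/README.md (hunk at -393) reads `/p2p-circuit//p2p-circuit-security/tls`, with an empty component between `/p2p-circuit` and `/p2p-circuit-security`. The sentence above it also appends `/p2p-circuit-security/` without naming what follows the slash. Please write the placeholders out explicitly, or use a concrete target component as relay/circuit-v2.md does with `/p2p/QmTarget`, so the example is a well-formed address a reader can copy.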
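Review bot: in relay/circuit-v2.md (hunk at -301), nothing says how a node should treat a relayed multiaddr that still ends in `/p2p-circuit-inner/`. If that name was ever advertised by deployed nodes, add a sentence stating whether it is rejected, ignored, or treated as an alias of `/p2p-circuit-security/`. If it never shipped, say so in the commit message. Minor wording in the same paragraph: "`HopMessage` on type `CONNECT`" should read "of type".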
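Review bot: the advertised list in relay/circuit-v2.md (hunk at -312) contains the `.../p2p-circuit-security/tls` and `.../p2p-circuit-security/noise` entries twice each, so the four lines do not show which address goes through `R1` and which through `R2`. Each entry should carry its relay's address in front of `/p2p-circuit`, so the example actually illustrates two relays times two protocols. The context line "supports both TLS Noise" is also missing an "and" and can be fixed while this paragraph is being touched.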
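Review bot: in relay/circuit-v2.md (hunk at -323), the message type is written `Connect` while the hunk at -301 and the Stop Protocol text write `CONNECT`. Use one spelling, preferably the one that matches the protobuf enum, so implementers do not read them as two different types. The two listed addresses are also identical, for the same reason as in the advertised list above, and "in it `HopMessage`" should be "in its `HopMessage`".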
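Review bot: the MUST in relay/circuit-v2.md (hunk at -379) covers only a `CONNECT` whose addresses carry varying security protocols. It leaves the target's behaviour undefined in two cases: the addresses agree on a protocol the target never advertised, or they carry no `/p2p-circuit-security/` suffix at all. Since the target derives the protocol for the relayed connection from these addresses, both cases should have a specified outcome, ideally the same stream reset, so that implementations do not fall back to a default silently. The last sentence also says "relay connection" where the rest of the section says "relayed connection".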