The tor-spec used to say: ``` As soon as it gets the CERTS cell, the initiator knows whether the responder is correctly authenticated. At this point the initiator may send a NETINFO cell if it does not wish to authenticate, or a CERTS cell, an AUTHENTICATE cell (4.4), and a NETINFO cell if it does. ``` I changed it to: ``` The initiator can use the CERTS cell to confirm whether the responder is correctly authenticated. If the initiator does not wish to authenticate, it can send a NETINFO cell once it has received the VERSIONS cell from the responder. If the initiator does wish to authenticate, it waits until it gets the AUTH_CHALLENGE cell, and then sends a CERTS cell, an AUTHENTICATE cell (4.4), and a NETINFO cell. ``` since that's what the code does. But troll_un points out that we should probably change the code so the client checks the CERTS cell and either hangs up then, or sends her NETINFO comfortable in the knowledge that she knows who she's sending the NETINFO cell to. If we do change the code, we'd then want to revert (and probably still clean up a bit more) the spec change.