diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst index dcbd251b..e89f5dfb 100644 --- a/i2p2www/spec/proposals/159-ssu2.rst +++ b/i2p2www/spec/proposals/159-ssu2.rst @@ -86,7 +86,7 @@ Design Goals Also ensure that the messages going to a single peer or set of peers do not have a similar pattern of bits. -- Fix loss of bits in DH due to Java format [Ticket1112]_, possibly (probably?) +- Fix loss of bits in DH due to Java format [Ticket1112]_, and speed up the DH by switching to X25519. - Switch to a real key derivation function (KDF) rather than using the DH @@ -104,14 +104,12 @@ Design Goals - Add options/version in handshake for future extensibility. -- Add resistance to malicious MitM TCP segmentation if possible. - - Don't add significantly to CPU required for connection setup; if possible, reduce it significantly. - Add message authentication (MAC) using ChaCha/Poly1305. -- Use a 3-message, one-round-trip handshake, as in [SSU]_. +- Use a 3-message, one-round-trip handshake, as in [NTCP2]_ and [SSU]_. - Minimize protocol overhead before padding. While padding will be added, overhead before padding is still overhead. @@ -2170,8 +2168,12 @@ is the initiator, and Bob is the responder. SSU2 is based on the Noise protocol Noise_XK_25519_ChaChaPoly_SHA256. (The actual identifier for the initial key derivation function -is "Noise_XKaesobfse+hs2+hs3_25519_ChaChaPoly_SHA256" +is "Noise_XKaesobfse+hs1+hs2+hs3_25519_ChaChaPoly_SHA256" to indicate I2P extensions - see KDF 1 section below) + +NOTE: This identifier is different than that used for NTCP2, because +all three handshake messages use the header as associated data. + This Noise protocol uses the following primitives: - Handshake Pattern: XK 
@@ -2325,7 +2327,7 @@ Before header obfuscation and protection: +----+----+----+----+----+----+----+----+ | Destination Connection ID | +----+----+----+----+----+----+----+----+ - | id | ver|type|flag| Packet Number | + |type ver| id |flag| Packet Number | +----+----+----+----+----+----+----+----+ | Source Connection ID | +----+----+----+----+----+----+----+----+ @@ -2334,11 +2336,11 @@ Before header obfuscation and protection: Destination Connection ID :: 8 bytes, unsigned big endian integer - id :: 1 byte, the network ID (currently 2, except for test networks) + type :: The message type, 0-255 ver :: The protocol version, equal to 2 - type :: The message type, 0-10 + id :: 1 byte, the network ID (currently 2, except for test networks) flag :: 1 byte, unused, set to 0 for future compatibility @@ -2519,8 +2521,8 @@ exactly as defined in the Noise spec. This is the "e" message pattern: // Define protocol_name. - Set protocol_name = "Noise_XKaesobfse+hs2+hs3_25519_ChaChaPoly_SHA256" - (48 bytes, US-ASCII encoded, no NULL termination). + Set protocol_name = "Noise_XKaesobfse+hs1+hs2+hs3_25519_ChaChaPoly_SHA256" + (52 bytes, US-ASCII encoded, no NULL termination). // Define Hash h = 32 bytes h = SHA256(protocol_name); @@ -2599,8 +2601,8 @@ This is the "e" message pattern: -1) SessionRequest ------------------- +SessionRequest (Type 0) +------------------------ Alice sends to Bob. 
@@ -2701,7 +2703,7 @@ Unencrypted data (Poly1305 authentication tag not shown): +----+----+----+----+----+----+----+----+ | Destination Connection ID | +----+----+----+----+----+----+----+----+ - | id | ver|type|flag| Packet Number | + |type ver| id |flag| Packet Number | +----+----+----+---
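Review bot: In the Design Goals hunk at -104,14 the handshake bullet now cites `[NTCP2]_`, but none of the visible hunks adds a matching `.. [NTCP2]` target to the references. Confirm the target already exists in 159-ssu2.rst, or add it in this change, so the reST build does not report an unknown citation.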
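Review bot: In the header diagram hunk at -2325,7 the new row reads `|type ver| id |flag| Packet Number |`, with no `|` between type and ver, so the diagram shows a single two-byte cell while the field list under it describes type and ver as separate fields. Write the row as `|type| ver| id |flag| Packet Number |`, matching the cell style of the line it replaces. The same row appears in the hunk at -2701,7 and needs the same fix.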
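Review bot: In the field list hunk at -2334,11 the `type` entry widens the range from 0-10 to 0-255 but states no size, while the `id` and `flag` entries both say "1 byte". Add "1 byte," to the `type` entry (and to `ver`) for consistency. With the range now covering every byte value, the text should also say what a receiver does with a type it does not recognise.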
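Review bot: In the KDF hunk at -2519,8 the new protocol_name feeds `h = SHA256(protocol_name)`, so adding `+hs1` changes the initial hash and everything derived from it. The length update to 52 bytes is correct for the new string, but the proposal should state that implementations built against the earlier 48-byte name will not complete a handshake with ones using the new name. The same literal is also spelled out in the hunk at -2170,8; consider having that paragraph refer to the KDF section for the exact string so the two copies cannot drift apart.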