diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst
index 79e8a817..abf45e2b 100644
--- a/i2p2www/spec/proposals/159-ssu2.rst
+++ b/i2p2www/spec/proposals/159-ssu2.rst
@@ -2747,10 +2747,14 @@ when a packet containing that information is determined to be lost,
 and sending ceases when a packet containing that information is remain the same)
 acknowledged.
 
-Packets are never retransmitted with the same packet number.
+Data Packets are never retransmitted with the same packet number.
 Any retransmission of packet contents (whether or not the contents remain the same)
 must use the next unused packet number.
 
+The handshake messages Session Request, Session Created, and Session Confirmed
+MUST be retransmitted with the same packet number and identical encrypted contents,
+so that the same chained hash will be used to encrypt the response.
+
 Packet numbering starts with Session Request. Assuming no retransmissions
 in the handshake, and no Retry reply from Bob, the packet numbers
 in an example standard handshake will be:
@@ -2775,7 +2779,7 @@ Alice                           Bob
 
 Any retransmission of handshake messages
 (SessionRequest, SessionCreated, or SessionConfirmed)
-must be resent unchanged, except for incrementing the packet number.
+must be resent unchanged, with the same packet number.
 Do not use different ephemeral keys or change the payload
 when retransmitting these messages.
 
@@ -2836,7 +2840,7 @@ Header Protection KDF:
   {% highlight lang='dataspec' %}
 // incoming encrypted packet
   len = packet.length
-  // take the last 16 bytes before the MAC
+  // take the last 12 bytes before the MAC
   sample = packet[len-32:len-17]
   n = sample[4:15]
   key = header protection key
@@ -2844,9 +2848,6 @@ Header Protection KDF:
   mask = ChaCha20.encrypt(key, n, data)
 
   // encrypt the header by XORing with the mask
-  // short header
-  header[8:12] ^= mask[0:4]
-  // long header
   header[8:15] ^= mask[0:7]
 
 
@@ -3204,7 +3205,7 @@ Unencrypted data (Poly1305 authentication tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0 unless retransmitted or resent after Retry
+  Packet Number :: 0 unless resent after Retry
 
   Source Connection ID :: Randomly generated by Alice
 
@@ -3464,7 +3465,7 @@ Unencrypted data (Poly1305 auth tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0 unless retransmitted or resent after Retry
+  Packet Number :: 0 unless resent after Retry
 
   Source Connection ID :: Randomly generated by Alice
 
@@ -3722,7 +3723,8 @@ Unencrypted data (Poly1305 auth tags not shown):
   Destination Connection ID :: As sent in Session Request,
                                or one received in Session Confirmed?
 
-  Packet Number :: 1 unless retransmitted or resent after Retry
+  Packet Number :: 1 unless the Session Request message was
+                   retransmitted or resent after Retry
 
   type :: 2
 
@@ -4247,7 +4249,7 @@ Session setup is not complete until all fragments are received.
   +----+----+----+----+----+              +
   |                                       |
   +       Router Info fragment            +
-  | (Alice RI in Sessopm Confirmed)       |
+  | (Alice RI in Session Confirmed)       |
   ~ (Alice, Bob, or third-party           ~
   |  RI in data phase)                    |
   ~               .   .   .               ~
@@ -4259,7 +4261,8 @@ Session setup is not complete until all fragments are received.
   flag :: 1 byte flags
          bit order: 76543210 (bit 7 is MSB)
          bit 0: HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Connection: close
Transfer-Encoding: chunked
Cache-Control: max-age=0, private, must-revalidate, no-transform
Set-Cookie: i_like_gitea=aeeeca26f564c41b; Path=/; HttpOnly; Secure; SameSite=Lax
Set-Cookie: _csrf=IM1uTvM1-bR9ZI1oyVgi3mz4IZQ6MTc1MzI1NDg1MDc2NTc3MTQyMg; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Date: Wed, 23 Jul 2025 07:14:10 GMT
X-Cache-Status: HIT
X-Cache-Age: 0

36b4
diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst
index 79e8a817..abf45e2b 100644
--- a/i2p2www/spec/proposals/159-ssu2.rst
+++ b/i2p2www/spec/proposals/159-ssu2.rst
@@ -2747,10 +2747,14 @@ when a packet containing that information is determined to be lost,
 and sending ceases when a packet containing that information is remain the same)
 acknowledged.
 
-Packets are never retransmitted with the same packet number.
+Data Packets are never retransmitted with the same packet number.
 Any retransmission of packet contents (whether or not the contents remain the same)
 must use the next unused packet number.
 
+The handshake messages Session Request, Session Created, and Session Confirmed
+MUST be retransmitted with the same packet number and identical encrypted contents,
+so that the same chained hash will be used to encrypt the response.
+
 Packet numbering starts with Session Request. Assuming no retransmissions
 in the handshake, and no Retry reply from Bob, the packet numbers
 in an example standard handshake will be:
@@ -2775,7 +2779,7 @@ Alice                           Bob
 
 Any retransmission of handshake messages
 (SessionRequest, SessionCreated, or SessionConfirmed)
-must be resent unchanged, except for incrementing the packet number.
+must be resent unchanged, with the same packet number.
 Do not use different ephemeral keys or change the payload
 when retransmitting these messages.
 
@@ -2836,7 +2840,7 @@ Header Protection KDF:
   {% highlight lang='dataspec' %}
 // incoming encrypted packet
   len = packet.length
-  // take the last 16 bytes before the MAC
+  // take the last 12 bytes before the MAC
   sample = packet[len-32:len-17]
   n = sample[4:15]
   key = header protection key
@@ -2844,9 +2848,6 @@ Header Protection KDF:
   mask = ChaCha20.encrypt(key, n, data)
 
   // encrypt the header by XORing with the mask
-  // short header
-  header[8:12] ^= mask[0:4]
-  // long header
   header[8:15] ^= mask[0:7]
 
 
@@ -3204,7 +3205,7 @@ Unencrypted data (Poly1305 authentication tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0 unless retransmitted or resent after Retry
+  Packet Number :: 0 unless resent after Retry
 
   Source Connection ID :: Randomly generated by Alice
 
@@ -3464,7 +3465,7 @@ Unencrypted data (Poly1305 auth tag not shown):
 
   flag :: 1 byte, unused, set to 0 for future compatibility
 
-  Packet Number :: 0 unless retransmitted or resent after Retry
+  Packet Number :: 0 unless resent after Retry
 
   Source Connection ID :: Randomly generated by Alice
 
@@ -3722,7 +3723,8 @@ Unencrypted data (Poly1305 auth tags not shown):
   Destination Connection ID :: As sent in Session Request,
                                or one received in Session Confirmed?
 
-  Packet Number :: 1 unless retransmitted or resent after Retry
+  Packet Number :: 1 unless the Session Request message was
+                   retransmitted or resent after Retry
 
   type :: 2
 
@@ -4247,7 +4249,7 @@ Session setup is not complete until all fragments are received.
   +----+----+----+----+----+              +
   |                                       |
   +       Router Info fragment            +
-  | (Alice RI in Sessopm Confirmed)       |
+  | (Alice RI in Session Confirmed)       |
   ~ (Alice, Bob, or third-party           ~
   |  RI in data phase)                    |
   ~               .   .   .               ~
@@ -4259,7 +4261,8 @@ Session setup is not complete until all fragments are received.
   flag :: 1 byte flags
          bit order: 76543210 (bit 7 is MSB)
          bit 0: 
0