3 files changed, 39 insertions, 40 deletions
diff --git a/TODO b/TODO
index e9a52069e..c99e981a1 100644
--- a/TODO
+++ b/TODO
@@ -4,30 +4,9 @@ core:
 - test fails with fresh /tmp directory (but passes when run a second time)
  problem seems to be caused by HELLO validation (unvalidated 
  HELLO not used to connect for good, then somehow SETKEY never happens);
-  * double-check crypto involved in HELLO validation (PONG signature check; 
+  I suspect the code simply drops messages that happen while no validated
-    what about MiM?  Might be trivial right now; adding source IP-address
+  HELLO is available; this maybe OK, but I need to find the spot and
-    to PONG signature might help?  How would we validate that (given that
+  add at least an INFO-log message; also should then fix testcase to retry.
-    we may be learning our source IP address(es) the same way...))
-    + if we add address to transport-level PONG, we may be able to simplify
-      WELCOME messages (no need to add addresses there anymore, right?);
-    + we probably want some kind of voting/counting for learning IP addresses
-      (maybe including IP addresses in ads proportional to how often others
-       report them? we at least need some protection against >64k HELLOs!),
-    + provide a way to give the user a list of "learned" IP addresses and
-      a way to easily "veto" addresses off the list!
-      => If MiM attacker uses vetoed address, blacklist the specific IP for
-         the presumed neighbour!
- * Use special, non-WELCOMEing TCP-connection for HELLO/address validation;
-    that way, we can avoid confusion between a dozen parallel validating connections
-    and the real one, avoid queueing messages on validating connections and
-    shut those down immediately after sending/receiving the PONG
-    (and maybe avoid some signalling about connections to the other layers)
-  * core notifies clients about "encrypted" connections being up well before
-    we get the encrypted PONG; sometimes this may be OK (for topology killing
-    unwanted connnections), but of course not in general.  I suspect we want
-    to signal on PONG and have topology hook directly into transport to
-    kill plaintext connections before they have a chance to become encrypted
-    (may require minor hack in transport API)
 Util:
 * improve disk API [Nils] (Nils, is this done? -Christian)
@@ -153,6 +132,15 @@ Minor TODO items:
    should possibly try to confirm that the given address works for
    us ourselves (loopback-style) before adding it to the list
    [SECURITY issue]
+    + we may be able to simplify WELCOME messages (no need to add 
+      addresses there anymore, but may help to learn them there anyway...).
+    + we probably want some kind of voting/counting for learning IP addresses
+      (maybe including IP addresses in ads proportional to how often others
+       report them? we at least need some protection against >64k HELLOs!),
+    + provide a way to give the user a list of "learned" IP addresses and
+      a way to easily "veto" addresses off the list!
+      => If MiM attacker uses vetoed address, blacklist the specific IP for
+         the presumed neighbour!
  - not sure current way of doing ACKs works well-enough 
    with unreliable transports where the ACK maybe lost;
    the "is_new" check would then possibly prevent future
@@ -179,6 +167,13 @@ Minor TODO items:
  - have way to specify dependencies between services (to manage ARM restarts better)
  - client-API is inefficient since it opens a TCP connection per service that is started
    (instead of re-using connections).
+* CORE: 
+  - code currently notifies clients about "encrypted" connections being up well before
+    we get the encrypted PONG; sometimes this may be OK (for topology killing
+    unwanted connnections), but of course not in general.  I suspect we want
+    to signal on PONG and have topology hook directly into transport to
+    kill plaintext connections before they have a chance to become encrypted
+    (may require minor hack in transport API)
 * PEERINFO:
  - have gnunet-peerinfo print actual host addresses again
  - add option to gnunet-peerinfo to modify trust value
diff --git a/src/include/gnunet_protocols.h b/src/include/gnunet_protocols.h
index f78464593..419bbe28d 100644
--- a/src/include/gnunet_protocols.h
+++ b/src/include/gnunet_protocols.h
@@ -170,20 +170,10 @@ extern "C"
 #define GNUNET_MESSAGE_TYPE_TRANSPORT_TRY_CONNECT 27
 /**
- * Request to other peer to confirm receipt.
- */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_PING 28
-/**
- * Message from other peer confirming receipt.
- */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_PONG 29
-/**
 * Response to another peer confirming that communication was
 * established.
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_ACK 30
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_ACK 28
 /**
@@ -213,14 +203,28 @@ extern "C"
 /**
- * Welcome message between TCP transports.
+ * Message by which a TCP transport notifies
+ * the other that it wants to check an address
+ * (and not initiate a persistent connection).
+ */
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_PING 40
+/**
+ * Message by which a TCP transport confirms
+ * the other that the address used worked.
+ */
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_PONG 41
+/**
+ * Welcome message between TCP transports
+ * (for a persistent connection).
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_WELCOME 40
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_WELCOME 42
 /**
 * Data message between TCP transports.
 */
-#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_DATA 41
+#define GNUNET_MESSAGE_TYPE_TRANSPORT_TCP_DATA 43
 /**
diff --git a/src/include/gnunet_signatures.h b/src/include/gnunet_signatures.h
index adb00c1ac..90b04edb1 100644
--- a/src/include/gnunet_signatures.h
+++ b/src/include/gnunet_signatures.h
@@ -43,9 +43,9 @@ extern "C"
 #define GNUNET_SIGNATURE_PURPOSE_TEST 0
 /**
- * Signature for confirming HELLOs.
+ * Signature for confirming HELLOs for TCP plugins.
 */
-#define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_HELLO 1
+#define GNUNET_SIGNATURE_PURPOSE_TRANSPORT_TCP_PING 1
 /**