diff --git a/src/tapir.md b/src/tapir.md index 255bfab..25479d9 100644 --- a/src/tapir.md +++ b/src/tapir.md @@ -98,20 +98,6 @@ we expect it to be protected via a preceeding app in an `ApplicationChain` e.g. * No direct testing (tested via integration tests and unit tests) -### Ephemeral Connections - -Occasionally it is desirable to have a peer connect to a service -without using their long term identity (e.g. in the case of connecting to -a Cwtch Server). - -In this case we want to enable a convenient way to allow connecting with an -**ephemeral identity**. - -It turns out that doing this securely requires maintaining a completely separate -set of connections and applications in order to avoid side channels caused by duplicate connections handling. - -As such the Cwtch Protocol Engine maintains two disctinct connection pools, one for avowed connections and another -for ephemeral connections. All connections to known Cwtch Servers are made through the ephemeral pool. ## Known Risks 
@@ -165,6 +151,22 @@ handling of such instances (such as returning an error when they are found allowing a handling application to retry the request if a connection with a given capability isn't returned) +### Ephemeral Connections + +Occasionally it is desirable to have a peer connect to a service +without using their long term identity (e.g. in the case of connecting to +a Cwtch Server). + +In this case we want to enable a convenient way to allow connecting with an +**ephemeral identity**. + +It turns out that doing this securely requires maintaining a completely separate +set of connections and applications in order to avoid side channels caused by duplicate connections handling. + +As such the Cwtch Protocol Engine maintains two disctinct connection pools, one for avowed connections and another +for ephemeral connections. All connections to known Cwtch Servers are made through the ephemeral pool. + + ## Testing Status Tapir features a number of well-defined integration tests which exercise not
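Review bot: In the first hunk (@@ -98,20 +98,6 @@) the whole "### Ephemeral Connections" section is deleted from its place ahead of "## Known Risks" and nothing is left behind, so a reader of that part of the page no longer learns that an ephemeral identity exists. Consider leaving a one-line pointer there to the section's new location under "Known Risks".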
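Review bot: In the second hunk (@@ -165,6 +151,22 @@) the re-added last paragraph still has the typo "disctinct"; since these lines are being touched anyway, change it to "distinct", and change "duplicate connections handling" in the paragraph above it to "duplicate connection handling". The section now sits under "## Known Risks" but still opens as a feature description ("Occasionally it is desirable..."). Under that heading it would read better if it first stated the risk, namely the side channel from duplicate connection handling when ephemeral and avowed connections share one pool, and then gave the two-pool design as the mitigation. The hunk also adds two blank lines before "## Testing Status" where one is enough.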