diff --git a/README.md b/README.md
index 9096fa5..2f9ecc6 100644
--- a/README.md
+++ b/README.md
@@ -35,16 +35,16 @@ const secio = require('libp2p-secio')
 
 ## API
 
-### `SecureSession`
+### `tag`
 
-#### `constructor(id, key, insecure)`
+The current `secio` tag, usable in `multistream`.
+
+### `encrypt(id, key, insecure)`
 
 - `id: PeerId` - The id of the node.
 - `key: RSAPrivateKey` - The private key of the node.
 - `insecure: PullStream` - The insecure connection.
 
-### `.secure`
-
 Returns the `insecure` connection provided, wrapped with secio. This is a pull-stream.
 
 ### This module uses `pull-streams`
diff --git a/src/index.js b/src/index.js
index 73597d3..424b3c7 100644
--- a/src/index.js
+++ b/src/index.js
@@ -6,8 +6,9 @@ const Connection = require('interface-connection').Connection
 const handshake = require('./handshake')
 const State = require('./state')
 
-exports.SecureSession = class SecureSession {
-  constructor (local, key, insecure) {
+module.exports = {
+  tag: '/secio/1.0.0',
+  encrypt (local, key, insecure) {
     if (!local) {
       throw new Error('no local id provided')
     }
@@ -20,17 +21,14 @@ exports.SecureSession = class SecureSession {
       throw new Error('no insecure stream provided')
     }
 
-    this.state = new State(local, key)
-    this.insecure = insecure
+    const state = new State(local, key)
 
     pull(
-      this.insecure,
-      handshake(this.state),
-      this.insecure
+      insecure,
+      handshake(state),
+      insecure
     )
-  }
 
-  get secure () {
-    return new Connection(this.state.secure, this.insecure)
+    return new Connection(state.secure, insecure)
   }
 }
diff --git a/test/index.spec.js b/test/index.spec.js
index e1ec3c0..faee8ac 100644
--- a/test/index.spec.js
+++ b/test/index.spec.js
@@ -12,24 +12,26 @@ const pull = require('pull-stream')
 const Listener = ms.Listener
 const Dialer = ms.Dialer
 
-const SecureSession = require('../src').SecureSession
+const secio = require('../src')
 
 describe('libp2p-secio', () => {
+  it('exports a tag', () => {
+    expect(secio.tag).to.be.eql('/secio/1.0.0')
+  })
+
   it('upgrades a connection', (done) => {
     const p = pair()
 
     const local = createSession(p[0])
     const remote = createSession(p[1])
-    const localSecure = local.session.secure
 
     pull(
       pull.values(['hello world']),
-      localSecure
+      local
     )
 
-    const remoteSecure = remote.session.secure
     pull(
-      remoteSecure,
+      remote,
       pull.collect((err, chunks) => {
         expect(err).to.not.exist
         expect(chunks).to.be.eql([new Buffer('hello world')])
@@ -52,7 +54,7 @@ describe('libp2p-secio', () => {
       ], cb),
       (cb) => {
         listener.addHandler('/banana/1.0.0', (conn) => {
-          local = createSession(conn).session.secure
+          local = createSession(conn)
           pull(
             local,
             pull.collect((err, chunks) => {
@@ -65,7 +67,7 @@ describe('libp2p-secio', () => {
         cb()
       },
       (cb) => dialer.select('/banana/1.0.0', (err, conn) => {
-        remote = createSession(conn).session.secure
+        remote = createSession(conn)
         pull(
           pull.values(['hello world']),
           remote
@@ -81,10 +83,6 @@ describe('libp2p-secio', () => {
 function createSession (insecure) {
   const key = crypto.generateKeyPair('RSA', 2048)
   const id = PeerId.createFromPrivKey(key.bytes)
-  return {
-    id,
-    key,
-    insecure,
-    session: new SecureSession(id, key, insecure)
-  }
+
+  return secio.encrypt(id, key, insecure)
 }