Apply suggestions from Paul's review

c2bo · paulbastian · web-flow · commit 3be60e6f8255 · 2025-07-17T16:57:18.000+02:00
Co-authored-by: Paul Bastian &lt;paul.bastian@posteo.de&gt;
diff --git a/draft-ietf-oauth-status-list.md b/draft-ietf-oauth-status-list.md
@@ -995,7 +995,7 @@ This behaviour may be mitigated by:
 
 ## Issuer Tracking of Reference Tokens
 
-A malicious Issuer could bypass the privacy benefits of the herd privacy by 
+An Issuer could maliciously or accidentally bypass the privacy benefits of the herd privacy by either:
 - Generating a unique Status List for every Referenced Token. By these means, the Issuer could maintain a mapping between Referenced Tokens and Status Lists and thus track the usage of Referenced Tokens by utilizing this mapping for the incoming requests. 
 - Encoding a unique uri in each Reference Token which points to the underlying Status List. This may involve using uri components such as query parameters, unique path segments or fragments to make the uri unique.
 
