diff --git a/draft-ietf-tls-rfc8446bis.html b/draft-ietf-tls-rfc8446bis.html
index 72df4da8..b1fa63c9 100644
--- a/draft-ietf-tls-rfc8446bis.html
+++ b/draft-ietf-tls-rfc8446bis.html
@@ -8748,7 +8748,7 @@ <h3 id="name-client-and-server-tracking-">
 clients and/or servers across connections. Use of the
 Encrypted Client Hello <span>[<a href="#I-D.ietf-tls-esni" class="cite xref">I-D.ietf-tls-esni</a>]</span> extension can
 mitigate this risk, as can mechanisms external to TLS that
-rotate the PSK identity.<a href="#appendix-C.4-5" class="pilcrow">¶</a></p>
+rotate or encrypt the PSK identity.<a href="#appendix-C.4-5" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="unauthenticated-operation">
diff --git a/draft-ietf-tls-rfc8446bis.txt b/draft-ietf-tls-rfc8446bis.txt
index afe8b0ef..94c606ca 100644
--- a/draft-ietf-tls-rfc8446bis.txt
+++ b/draft-ietf-tls-rfc8446bis.txt
@@ -6075,7 +6075,7 @@ C.4.  Client and Server Tracking Prevention
    will generally be possible for an external observer to track clients
    and/or servers across connections.  Use of the Encrypted Client Hello
    [I-D.ietf-tls-esni] extension can mitigate this risk, as can
-   mechanisms external to TLS that rotate the PSK identity.
+   mechanisms external to TLS that rotate or encrypt the PSK identity.
 
 C.5.  Unauthenticated Operation