Forbid self-Update entirely (#519)

Co-authored-by: Richard L. Barnes <richbarn@cisco.com>

draft-ietf-mls-protocol.md

@@ -2665,14 +2665,11 @@ unless the proposal type is supported by all the members of the group that will
 process the Commit (i.e., not including any members being added or removed by
 the Commit).
 
-The sender of a Commit SHOULD NOT include any Update proposals that the sender
-themselves generated.  If sender generated one or more Update proposals during
-an epoch, then it SHOULD instead update its leaf and direct path by sending
-`path` field in the Commit.
-
 If there are multiple proposals that apply to the same leaf, the committer
 chooses one and includes only that one in the Commit, considering the rest
-invalid. The committer MUST prefer any Remove received, or the most recent
+invalid.  The committer MUST NOT include any Update proposals generated by the
+committer, since they would be duplicative with the `path` field in the Commit.
+The committer MUST prefer any Remove received, or the most recent
 Update for the leaf if there are no Removes. If there are multiple Add proposals
 containing KeyPackages with the same tuple `(credential.identity, endpoint_id)`
 the committer again chooses one to include and considers the rest invalid. Add