diff --git a/draft-ietf-quic-invariants.md b/draft-ietf-quic-invariants.md index 39f99d7ff2..ed6b7582de 100644 --- a/draft-ietf-quic-invariants.md +++ b/draft-ietf-quic-invariants.md @@ -298,8 +298,8 @@ contains no other fields. An endpoint MUST ignore a packet that contains no Supported Version fields, or a truncated Supported Version. Version Negotiation packets do not use integrity or confidentiality protection. -Specific QUIC versions define mechanisms to authenticate the packet as part of -the connection establishment process. +Specific QUIC versions might include protocol elements that allow endpoints to +detect modification or corruption in the set of supported versions. An endpoint MUST include the value from the Source Connection ID field of the packet it receives in the Destination Connection ID field. The value for Source @@ -334,8 +334,8 @@ requires that middleboxes retain state for every connection ID they see. The Version Negotiation packet described in this document is not integrity-protected; it only has modest protection against insertion by off-path -attackers. QUIC versions MUST define a mechanism that authenticates the values -it contains. +attackers. An endpoint MUST authenticate the contents of a Version Negotiation +packet if it attempts a different QUIC version as a result. # IANA Considerations
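Review bot: In the first hunk (@@ -298,8), the replacement sentence drops the statement of when the check takes place and narrows what is covered. The removed text tied authentication to "the connection establishment process" and applied to "the packet"; the new text only says versions "might include protocol elements" to detect "modification or corruption in the set of supported versions". Since the preceding sentence says Version Negotiation packets have no integrity or confidentiality protection, a reader should be told that any such detection can only happen later, in the version that is subsequently attempted, and whether the connection ID fields described in the next paragraph are meant to be out of scope. Suggest restoring a phrase such as "as part of connection establishment" and stating explicitly that only the Supported Version list is covered, if that is the intent.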
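Review bot: In the second hunk (@@ -334,8), the new "An endpoint MUST authenticate the contents of a Version Negotiation packet" sits uneasily with the first hunk, which now says versions only "might include" elements for detecting modification. The removed text placed the MUST on QUIC versions to define the mechanism; with that gone, an endpoint that switches to a version lacking such elements has no defined way to meet this requirement. Suggest either keeping a requirement on versions to provide the mechanism, or saying that an endpoint must not act on the packet when the version it attempts offers no way to authenticate it. The text should also say what "the contents" covers (the first hunk speaks only of the set of supported versions) and what the endpoint does when authentication fails.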