Replace pw with at
mfoltzgoogle committed Aug 21, 2019
1 parent 8a3d4e5 commit 652ff2c
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions index.bs
Expand Up @@ -346,12 +346,12 @@ Issue: Include cross references to the specs for these hash functions.

The advertising agent should add an additional field to the TXT record:

: pw
: at
:: An alphanumeric, unguessable token consisting of characters from the set
`[A-Za-z0-9+/]`.

Note: `pw` prevents off-LAN parties from attempting authentication; see
[[#remote-active-mitigations]]. `pw` should have at least 32 bits of true
Note: `at` prevents off-LAN parties from attempting authentication; see
[[#remote-active-mitigations]]. `at` should have at least 32 bits of true
entropy to make brute force attacks impractical.

Issue: Add examples of sample mDNS records.
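Review bot: The renamed `at` field still lacks a stated minimum length, even though the note two lines below requires "at least 32 bits of true entropy"; with the `[A-Za-z0-9+/]` alphabet each character carries at most 6 bits, so 32 bits needs at least 6 characters, and a reader implementing the TXT record has to work that out themselves. Consider making the entropy requirement concrete in the field definition, e.g. ": at" / ":: ... at least N characters drawn uniformly from `[A-Za-z0-9+/]`", and stating that the token must be generated from a cryptographically secure random source rather than merely being "unguessable". The rename is applied consistently in both the definition list and the note, so there is no leftover `pw` in this hunk.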
Expand Down Expand Up @@ -532,10 +532,10 @@ support the numeric PSK input method.

Any authentication method may require an `auth-initation-token` before showing a
PSK to the user or requesting PSK input from the user. If an [=advertising
agent=] has the `pw` field in its mDNS TXT record, it must be used as the
agent=] has the `at` field in its mDNS TXT record, it must be used as the
`auth-initation-token` in the the first authentication message sent to or from
that agent. Agents should discard any authentication message whose
`auth-initation-token` is set and does not match the `pw` provided by the
`auth-initation-token` is set and does not match the `at` provided by the
advertising agent.

Authentication with SPAKE2 {#authentication-with-spake2}
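Review bot: The discard rule in the last sentence only covers messages whose `auth-initation-token` "is set and does not match"; combined with the preceding "it must be used" sentence, a message that omits the token entirely while the advertising agent has an `at` field is not explicitly rejected, which would let a party that never saw the TXT record simply leave the field out. Suggest tightening to something like "Agents should discard any authentication message that does not carry an `auth-initiation-token` matching the `at` provided by the advertising agent." Two unchanged context lines in this hunk also carry typos worth fixing while the paragraph is being edited: "auth-initation-token" (three occurrences, presumably "auth-initiation-token") and "in the the first authentication message".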
Expand Down Expand Up @@ -2138,7 +2138,7 @@ Protocol agents, because a misconfigured firewall or NAT could expose a
LAN-connected agent to the broader Internet. Open Screen Protocol agents
should be secure against attack from any Internet host.

Advertising agents should set the `pw` field in their mDNS TXT record to protect
Advertising agents should set the `at` field in their mDNS TXT record to protect
themselves from off-LAN attempts to initiate [[#authentication]], which result
in user annoyance (display or input of PSK) and potential brute force attacks
against the PSK.
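Review bot: The normative strength here ("Advertising agents should set the `at` field") is weaker than the authentication section, which says that when the field is present "it must be used" as the `auth-initation-token`; if the protection against off-LAN authentication attempts is meant to be the baseline mitigation for the "secure against attack from any Internet host" requirement stated just above, consider making `at` a MUST, or explain in this paragraph when omitting it is acceptable. The paragraph also attributes "potential brute force attacks against the PSK" to off-LAN parties, but a 32-bit token only raises the cost of those attempts; it does not limit the number of PSK guesses an on-LAN party can make, so a cross-reference to whatever guess-limiting or rate-limiting the authentication section specifies would make the mitigation's scope clear.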

0 comments on commit 652ff2c
