diff --git a/draft-bradleylundberg-cfrg-arkg.html b/draft-bradleylundberg-cfrg-arkg.html
index ce35683..1934eed 100644
--- a/draft-bradleylundberg-cfrg-arkg.html
+++ b/draft-bradleylundberg-cfrg-arkg.html
@@ -1184,7 +1184,7 @@ <h2 id="name-copyright-notice">
                 <p id="section-toc.1-1.3.2.2.1"><a href="#section-3.2" class="auto internal xref">3.2</a>.  <a href="#name-using-ecdh-as-the-kem" class="internal xref">Using ECDH as the KEM</a></p>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.3">
-                <p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="auto internal xref">3.3</a>.  <a href="#name-using-both-elliptic-curve-a" class="internal xref">Using both elliptic curve arithmetic for key blinding and ECDH as the KEM</a></p>
+                <p id="section-toc.1-1.3.2.3.1"><a href="#section-3.3" class="auto internal xref">3.3</a>.  <a href="#name-using-the-same-key-for-both" class="internal xref">Using the same key for both key blinding and KEM</a></p>
 </li>
               <li class="compact toc ulBare ulEmpty" id="section-toc.1-1.3.2.4">
                 <p id="section-toc.1-1.3.2.4.1"><a href="#section-3.4" class="auto internal xref">3.4</a>.  <a href="#name-using-hmac-as-the-mac" class="internal xref">Using HMAC as the MAC</a></p>
@@ -1810,17 +1810,18 @@ <h3 id="name-using-ecdh-as-the-kem">
 <p id="section-3.2-5"><span class="cref" id="also_reject_g_1">ISSUE: Also reject point G?<span class="crefSource">Emil</span></span><a href="#section-3.2-5" class="pilcrow">¶</a></p>
 </section>
 </div>
-<div id="blinding-kem-ecdh">
+<div id="blinding-kem-same-key">
 <section id="section-3.3">
-        <h3 id="name-using-both-elliptic-curve-a">
-<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-using-both-elliptic-curve-a" class="section-name selfRef">Using both elliptic curve arithmetic for key blinding and ECDH as the KEM</a>
+        <h3 id="name-using-the-same-key-for-both">
+<a href="#section-3.3" class="section-number selfRef">3.3. </a><a href="#name-using-the-same-key-for-both" class="section-name selfRef">Using the same key for both key blinding and KEM</a>
         </h3>
-<p id="section-3.3-1">If elliptic curve arithmetic is used for key blinding and ECDH is used as the KEM,
-as described in the previous sections,
-then both of them <span class="bcp14">MAY</span> use the same curve or <span class="bcp14">MAY</span> use different curves.
-If both use the same curve, then it is also possible to use the same public key
-as both the key blinding public key and the KEM public key. <span>[<a href="#Frymann2020" class="cite xref">Frymann2020</a>]</span><a href="#section-3.3-1" class="pilcrow">¶</a></p>
-<p id="section-3.3-2"><span class="cref" id="same_key_caveats">ISSUE: Caveats? I think I read in some paper or thesis about specific drawbacks of using the same key for both.<span class="crefSource">Emil</span></span><a href="#section-3.3-2" class="pilcrow">¶</a></p>
+<p id="section-3.3-1">When an ARKG instance uses the same type of key for both the key blinding and the KEM -
+for example, if elliptic curve arithmetic is used for key blinding as described in <a href="#blinding-ec" class="auto internal xref">Section 3.1</a>
+and ECDH is used as the KEM as described in <a href="#kem-ecdh" class="auto internal xref">Section 3.2</a> <span>[<a href="#Frymann2020" class="cite xref">Frymann2020</a>]</span> -
+then the two keys <span class="bcp14">MAY</span> be the same key.
+Representations of such an ARKG seed <span class="bcp14">MAY</span> allow for omitting the second copy of the constituent key,
+but such representations <span class="bcp14">MUST</span> clearly identify that the single constituent key is to be used
+both as the key blinding key and the KEM key.<a href="#section-3.3-1" class="pilcrow">¶</a></p>
 </section>
 </div>
 <div id="mac-hmac">
diff --git a/draft-bradleylundberg-cfrg-arkg.txt b/draft-bradleylundberg-cfrg-arkg.txt
index a95dca3..cd2e42d 100644
--- a/draft-bradleylundberg-cfrg-arkg.txt
+++ b/draft-bradleylundberg-cfrg-arkg.txt
@@ -83,8 +83,7 @@ Table of Contents
    3.  Generic ARKG instantiations
      3.1.  Using elliptic curve arithmetic for key blinding
      3.2.  Using ECDH as the KEM
-     3.3.  Using both elliptic curve arithmetic for key blinding and
-           ECDH as the KEM
+     3.3.  Using the same key for both key blinding and KEM
      3.4.  Using HMAC as the MAC
      3.5.  Using HKDF as the KDF
    4.  Concrete ARKG instantiations
@@ -632,21 +631,16 @@ Table of Contents
    //
    // -- Emil
 
-3.3.  Using both elliptic curve arithmetic for key blinding and ECDH as
-      the KEM
+3.3.  Using the same key for both key blinding and KEM
 
-   If elliptic curve arithmetic is used for key blinding and ECDH is
-   used as the KEM, as described in the previous sections, then both of
-   them MAY use the same curve or MAY use different curves.  If both use
-   the same curve, then it is also possible to use the same public key
-   as both the key blinding public key and the KEM public key.
-   [Frymann2020]
-
-
-   // ISSUE: Caveats?  I think I read in some paper or thesis about
-   // specific drawbacks of using the same key for both.
-   //
-   // -- Emil
+   When an ARKG instance uses the same type of key for both the key
+   blinding and the KEM - for example, if elliptic curve arithmetic is
+   used for key blinding as described in Section 3.1 and ECDH is used as
+   the KEM as described in Section 3.2 [Frymann2020] - then the two keys
+   MAY be the same key.  Representations of such an ARKG seed MAY allow
+   for omitting the second copy of the constituent key, but such
+   representations MUST clearly identify that the single constituent key
+   is to be used both as the key blinding key and the KEM key.
 
 3.4.  Using HMAC as the MAC
 
