diff --git a/protocol/protocol.tex b/protocol/protocol.tex
index 6ad54968..bbabe920 100644
--- a/protocol/protocol.tex
+++ b/protocol/protocol.tex
@@ -4016,20 +4016,24 @@ Let $\ValueCommitAlg$ and $\NoteCommitSaplingAlg$ be as specified in \crossref{a
 
 Let $\reprJ$ and $\ParamJ{h}$ be as defined in \crossref{jubjub}.
 
-\vspace{2ex}
-Let $\OutViewingKey$ be the \outgoingViewingKey of the address from which the payment
-is being sent.
+\vspace{1ex}
+Let $\OutViewingKey$ be an \outgoingViewingKey that is intended to be able to decrypt
+this payment. This may be one of:
+\begin{itemize}
+  \item the \outgoingViewingKey for the address (or one of the addresses) from which the
+        payment was sent;
+  \item the \outgoingViewingKey for all payments associated with an \quotedterm{account},
+        to be defined in \cite{ZIP-32};
+  \item $\bot$, if the sender should not be able to decrypt the payment once it has
+        deleted its own copy.
+\end{itemize}
 
 \vspace{-4ex}
-\pnote{If a payment is sent from multiple addresses, the sender \MAY choose one
-of the addresses for this purpose. Alternatively, the sender \MAY use a separate
-\outgoingViewingKey for all payments associated with an \quotedterm{account}.
-The latter is intended to be defined in \cite{ZIP-32} which is currently in draft.
-If the sender prefers to obtain forward secrecy of the payment information with
-respect to compromise of its own secrets, it \MAY set $\OutViewingKey = \bot$.}
+\pnote{Choosing $\OutViewingKey = \bot$ is useful if the sender prefers to obtain
+forward secrecy of the payment information with respect to compromise of its own secrets.}
 
 \introlist
-\vspace{2ex}
+\vspace{1ex}
 For each \outputDescription, the sender selects a value $\ValueNew{}$ and a destination
 \Sapling \paymentAddress $(\Diversifier, \DiversifiedTransmitPublic)$, and then performs
 the following steps:
@@ -9547,7 +9551,8 @@ Peter Newell's illustration of the Jubjub bird, from \cite{Carroll1902}.
 \sapling{
     \item Complete the proof of \theoremref{thmpedersendistinctabsindices}.
     \item Add a note about redundancy in the nonsmall-order checking of $\AuthSignRandomizedPublic$.
-    \item Clarify the use of $\cvNew{}$ and $\cmNew{}$ in sending Sapling notes.
+    \item Clarify the use of $\cvNew{}$ and $\cmNew{}$, and the selection of
+          \outgoingViewingKey, in sending Sapling notes.
 } %sapling
 \end{itemize}