From c84485af96cd1fc051ac9724bddd52e6c0a6ffec Mon Sep 17 00:00:00 2001 From: Tommy Pauly Date: Fri, 6 Oct 2023 13:02:04 -0700 Subject: [PATCH 1/3] Explaining consistency failure handling Closes #18 --- draft-group-privacypass-k-check.md | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/draft-group-privacypass-k-check.md b/draft-group-privacypass-k-check.md index 45297e9..11a8b36 100644 --- a/draft-group-privacypass-k-check.md +++ b/draft-group-privacypass-k-check.md 
@@ -262,7 +262,29 @@ factors, including, but not limited to, the number of clients interacting with a mirror, whether or not the mirror is trustworthy, and application requirements for dealing with consistency check failures. - +## Handling Consistency Failures + +If a consistency check fails, either because the request to the mirror failed or +because the mirrored resource did not match, the client MUST NOT use the original resource. +The client behavior for what to do instead can vary depending on the protocol, availability +of alternative services, and client policy. + +If the client has multiple options for equivalent services, it can choose to fall back +from a service that failed a consistency check to one that passed all consistency checks. +For example, if a client has the option of using one of a set of Privacy Pass token +issuers, it can choose an issuer that passes all consistency checks. + +If the service that failed the consistency check is an optional optimization for the client, +the client can simply choose to not use the service. For example, if a Privacy Pass token is +used to avoid showing the user a CAPTCHA, but the Privacy Pass token issuer fails the +consistency check, the client can fall back to showing the user a CAPTCHA. + +For cases where the client has no alternate services to use, and the service is +required in order to perform user-facing functionality, the client SHOULD report the +error in a visible way the presents the error to the user or an administrator. This +functionality can be similar to how invalid TLS certificates are reported. + +## Selecting Mirror Servers In many of these systems where the mirror protocol might be used, including common configurations for Privacy Pass and OHTTP, there is already a party who is necessarily From e182b14ab4171e4017933fd20d10ddd41cdb2678 Mon Sep 17 00:00:00 2001 
From: Tommy Pauly Date: Mon, 9 Oct 2023 08:36:43 -0700 Subject: [PATCH 2/3] Update draft-group-privacypass-k-check.md --- draft-group-privacypass-k-check.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/draft-group-privacypass-k-check.md b/draft-group-privacypass-k-check.md index 11a8b36..7d3c1d6 100644 --- a/draft-group-privacypass-k-check.md +++ b/draft-group-privacypass-k-check.md @@ -281,7 +281,7 @@ consistency check, the client can fall back to showing the user a CAPTCHA. For cases where the client has no alternate services to use, and the service is required in order to perform user-facing functionality, the client SHOULD report the -error in a visible way the presents the error to the user or an administrator. This +error in a visible way that presents the error to the user or an administrator. This functionality can be similar to how invalid TLS certificates are reported. ## Selecting Mirror Servers From baba2f91c46e770c268ebeed5f26076ea82de8ec Mon Sep 17 00:00:00 2001 From: Tommy Pauly Date: Mon, 9 Oct 2023 08:40:21 -0700 Subject: [PATCH 3/3] Update draft-group-privacypass-k-check.md --- draft-group-privacypass-k-check.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/draft-group-privacypass-k-check.md b/draft-group-privacypass-k-check.md index 7d3c1d6..c1de0eb 100644 --- a/draft-group-privacypass-k-check.md +++ b/draft-group-privacypass-k-check.md 
@@ -264,10 +264,12 @@ with consistency check failures. ## Handling Consistency Failures -If a consistency check fails, either because the request to the mirror failed or -because the mirrored resource did not match, the client MUST NOT use the original resource. -The client behavior for what to do instead can vary depending on the protocol, availability -of alternative services, and client policy. +If a consistency check fails because the mirrored resource did not match, the client +MUST NOT use the original resource. For cases where the check failed because the +client was unable to communicate with the mirror, client policy dictates whether or +not to assume the resource is consistent. Client behavior for what to do in the case +of inconsistency can vary depending on the protocol, availability of alternative services, +and client policy. If the client has multiple options for equivalent services, it can choose to fall back from a service that failed a consistency check to one that passed all consistency checks.
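Review bot: In [PATCH 1/3], the first paragraph of the new "Handling Consistency Failures" section applies a single MUST NOT to two different conditions, "the request to the mirror failed" and "the mirrored resource did not match". Only the second is evidence of inconsistency. The first is an availability failure, and treating it the same way means an unreachable mirror is enough on its own to make the original resource unusable. Suggest splitting the sentence so the MUST NOT covers the mismatch case and the unreachable-mirror case gets its own requirement. Separately, "a visible way the presents the error" in the last added paragraph should read "that presents".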
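Review bot: In [PATCH 2/3], the corrected sentence still repeats itself: "report the error in a visible way that presents the error to the user or an administrator". "Report the error visibly to the user or an administrator" says the same thing. The context line that follows compares this to how invalid TLS certificates are reported, but does not say whether the user or administrator may proceed past the report. Since the section opens with a MUST NOT on using the resource, the text should state whether reporting ever permits an override, and if so under what conditions.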
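Review bot: In [PATCH 3/3], "client policy dictates whether or not to assume the resource is consistent" leaves the unreachable-mirror case with no normative keyword and no recommended default. A policy that assumes consistency whenever the mirror cannot be reached effectively disables the check for as long as the path to the mirror is unavailable, so the draft should say which behavior is expected by default (for example, SHOULD treat the check as failed, or SHOULD try another mirror when one is configured) and use MAY for the permissive alternative. The next sentence then speaks of "the case of inconsistency" without tying it to the mismatch case above; "in the case of a mismatch" would keep the two sentences using the same term.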