diff --git a/docs/specification.rst b/docs/specification.rst
index bae18147a8..e1c83bed78 100644
--- a/docs/specification.rst
+++ b/docs/specification.rst
@@ -1626,6 +1626,9 @@ SRV Records
 Security
 ========
 
+.. NOTE::
+  This section is a work in progress.
+
 Threat Model
 ------------
 
@@ -1635,9 +1638,9 @@ Denial of Service
 The attacker could attempt to prevent delivery of messages to or from the
 victim in order to:
 
-    * Disrupt service or marketing campaign of a commercial competitor.
-    * Censor a discussion or censor a participant in a discussion.
-    * Perform general vandalism.
+* Disrupt service or marketing campaign of a commercial competitor.
+* Censor a discussion or censor a participant in a discussion.
+* Perform general vandalism.
 
 Threat: Resource Exhaustion
 +++++++++++++++++++++++++++
@@ -1749,9 +1752,6 @@ Threat: Disclosure to Servers Within Chatroom
 An attacker could take control of a server within a chatroom to expose message
 contents or metadata for messages in that room.
 
-.. NOTE::
-  This section is a work in progress.
-
 Rate limiting
 -------------
 Home servers SHOULD implement rate limiting to reduce the risk of being overloaded. If a